dual_alliance Posted July 22, 2006 Share Posted July 22, 2006 I have the following code:[code]<?php session_start(); header("Cache-control: private"); // Get MySQL Database information include('db.php');// Make variables from the form $Username = $_POST['userName']; $Password = $_POST['passWord'];// Remove HTML (if any) $Username = strip_tags("$Username"); $Password = strip_tags("$Password");// Remove escaped characters (if any) $Username = stripslashes("$Usermame"); $Password = stripslashes("$Password");// Connect to server and select database. mysql_connect("$dbHost", "$dbUserName", "$dbPassWord")or die("Cannot connect to server!"); mysql_select_db("$dbName")or die("Cannot select Database!");// Does the user exist? $sql_user_check = 'SELECT * FROM users WHERE username="$Username"'; $result_name_check = mysql_query($sql_user_check); $usersfound = mysql_num_rows($result_name_check); // If the user doesn't exist, create error if ($usersfound < 1) { $error = "User $Username not found.";// If the user does exist, continue with processing }else{// Check if the passwords match $sql_pass_get = 'SELECT * FROM users WHERE username="$Username"'; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $encryptpass = $user_info['password']; // If it doesn't match, note that and end if ($encryptpass != md5($PassWord)) { $error = "Invalid password. Try again.";// If it does match, let in and pass on info to session variables }else{ $_SESSION['userid'] = $user_info['userid']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; } } if (!$_SESSION['username']) { echo "$error"; }else{ include('admin.php'); }?>[/code]On index.php (login) l enter the username l entered into the MySQL database and it says user not found... I have gone into the MySQL database using phpmyadmin and the username is there. So what is going on?Thanks,dual_alliance Quote Link to comment Share on other sites More sharing options...
Joe Haley Posted July 22, 2006 Share Posted July 22, 2006 $sql_user_check = 'SELECT * FROM users WHERE username="$Username"';$username is taken as literal, as its in single quotes on the PHP-leveltry$sql_user_check = "SELECT * FROM users WHERE username=\"$Username\""; Quote Link to comment Share on other sites More sharing options...
dual_alliance Posted July 22, 2006 Author Share Posted July 22, 2006 Thanks that worked ;D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.