Jump to content

PHP/SQL newb needs help with credential checks


danp

Recommended Posts

Ok, so I'm working on an IVR project and I need some help (php code enclosed) with a simple credential check system. When a user calls in, they are asked to give their 10 digit UserID number, then their 4 digit PIN number. Both are held in collection variables named "userid" and "pin" respectively. Now of course for both credentials to exist, they're in a MySQL database called "test" along with first name/last name etc. I have them use the POST method for a little added security. Now what I want my PHP code to do is check if the "userid" exists in the "clients" table of the "test" database, if it does, the user is prompted for their PIN number next in the IVR program. Then, if the PIN exists, it has to be in the same table entry as the matching userid... hope I didn't confuse anyone!

 

Below is my code.

 

<?php

$connection = @mysql_connect('localhost', 'root'); //no password for now

if(!$connection)
{
	exit(mysql_error());
}

if(!mysql_select_db('test'))
{
	exit(mysql_error());
}

    $userid = $_POST["userid"];
if(!$userid = "SELECT userid FROM clients")
{
	exit(mysql_error());
}

$pin = $_POST["pin"];
if(!$userid = "SELECT pin FROM clients WHERE userid = $userid")
{
	exit(mysql_error());
}
?>

It didn't show a parse error however.

It's most likely incorrect, but any help/code cleanup help is much appreciated!

Thanks, Dan.

Try this:

 

<?php
function isRecordExists($sql) {
	global $connection;
	$result = mysql_query($sql, $connection);
	if ($result === FALSE) {
		return false;
	}
	return mysql_num_rows($result);
}

$connection = @mysql_connect('localhost', 'root'); //no password for now

if(!$connection)
{
	exit(mysql_error());
}

if(!mysql_select_db('test'))
{
	exit(mysql_error());
}

    $userid = $_POST["userid"];

    if(!isRecordExists("SELECT `userid` FROM `clients` WHERE `userid` = '$userid'"))
{
	exit("$userid does not exist");
}

$pin = $_POST["pin"];
if(!isRecordExists("SELECT `pin` FROM `clients` WHERE `userid` = '$userid'"))
{
	exit("$pin does not exist");
}
?>

 

Try this:

 

<?php
function isRecordExists($sql) {
	global $connection;
	$result = mysql_query($sql, $connection);
	if ($result === FALSE) {
		return false;
	}
	return mysql_num_rows($result);
}

$connection = @mysql_connect('localhost', 'root'); //no password for now

if(!$connection)
{
	exit(mysql_error());
}

if(!mysql_select_db('test'))
{
	exit(mysql_error());
}

    $userid = $_POST["userid"];

    if(!isRecordExists("SELECT `userid` FROM `clients` WHERE `userid` = '$userid'"))
{
	exit("$userid does not exist");
}

$pin = $_POST["pin"];
if(!isRecordExists("SELECT `pin` FROM `clients` WHERE `userid` = '$userid'"))
{
	exit("$pin does not exist");
}
?>

 

Anupamsaha, thanks so much!! This works a charm, and I'm very grateful for the lightening fast response time.

 

Best wishes and *much* thanks,

Dan P.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.