danp Posted June 1, 2009 Share Posted June 1, 2009 Ok, so I'm working on an IVR project and I need some help (php code enclosed) with a simple credential check system. When a user calls in, they are asked to give their 10 digit UserID number, then their 4 digit PIN number. Both are held in collection variables named "userid" and "pin" respectively. Now of course for both credentials to exist, they're in a MySQL database called "test" along with first name/last name etc. I have them use the POST method for a little added security. Now what I want my PHP code to do is check if the "userid" exists in the "clients" table of the "test" database, if it does, the user is prompted for their PIN number next in the IVR program. Then, if the PIN exists, it has to be in the same table entry as the matching userid... hope I didn't confuse anyone! Below is my code. <?php $connection = @mysql_connect('localhost', 'root'); //no password for now if(!$connection) { exit(mysql_error()); } if(!mysql_select_db('test')) { exit(mysql_error()); } $userid = $_POST["userid"]; if(!$userid = "SELECT userid FROM clients") { exit(mysql_error()); } $pin = $_POST["pin"]; if(!$userid = "SELECT pin FROM clients WHERE userid = $userid") { exit(mysql_error()); } ?> It didn't show a parse error however. It's most likely incorrect, but any help/code cleanup help is much appreciated! Thanks, Dan. Link to comment https://forums.phpfreaks.com/topic/160519-phpsql-newb-needs-help-with-credential-checks/ Share on other sites More sharing options...
anupamsaha Posted June 1, 2009 Share Posted June 1, 2009 Try this: <?php function isRecordExists($sql) { global $connection; $result = mysql_query($sql, $connection); if ($result === FALSE) { return false; } return mysql_num_rows($result); } $connection = @mysql_connect('localhost', 'root'); //no password for now if(!$connection) { exit(mysql_error()); } if(!mysql_select_db('test')) { exit(mysql_error()); } $userid = $_POST["userid"]; if(!isRecordExists("SELECT `userid` FROM `clients` WHERE `userid` = '$userid'")) { exit("$userid does not exist"); } $pin = $_POST["pin"]; if(!isRecordExists("SELECT `pin` FROM `clients` WHERE `userid` = '$userid'")) { exit("$pin does not exist"); } ?> Link to comment https://forums.phpfreaks.com/topic/160519-phpsql-newb-needs-help-with-credential-checks/#findComment-847138 Share on other sites More sharing options...
danp Posted June 1, 2009 Author Share Posted June 1, 2009 Try this: <?php function isRecordExists($sql) { global $connection; $result = mysql_query($sql, $connection); if ($result === FALSE) { return false; } return mysql_num_rows($result); } $connection = @mysql_connect('localhost', 'root'); //no password for now if(!$connection) { exit(mysql_error()); } if(!mysql_select_db('test')) { exit(mysql_error()); } $userid = $_POST["userid"]; if(!isRecordExists("SELECT `userid` FROM `clients` WHERE `userid` = '$userid'")) { exit("$userid does not exist"); } $pin = $_POST["pin"]; if(!isRecordExists("SELECT `pin` FROM `clients` WHERE `userid` = '$userid'")) { exit("$pin does not exist"); } ?> Anupamsaha, thanks so much!! This works a charm, and I'm very grateful for the lightening fast response time. Best wishes and *much* thanks, Dan P. Link to comment https://forums.phpfreaks.com/topic/160519-phpsql-newb-needs-help-with-credential-checks/#findComment-847150 Share on other sites More sharing options...
anupamsaha Posted June 1, 2009 Share Posted June 1, 2009 You are welcome. Don't forget to mark this topic as "solved". Link to comment https://forums.phpfreaks.com/topic/160519-phpsql-newb-needs-help-with-credential-checks/#findComment-847156 Share on other sites More sharing options...
danp Posted June 1, 2009 Author Share Posted June 1, 2009 I was going to ask how to do that, I saw the Solved Mod in the forums, but had no idea how to do it. Link to comment https://forums.phpfreaks.com/topic/160519-phpsql-newb-needs-help-with-credential-checks/#findComment-847164 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.