Getting data from SQL into header location

[thurmanmurman]

Hi All,

 

Right now i have a mySQL db called members with 4 columns: ID (PK), username, password, and directory.

 

i am using a check login page and wish to redirect my user on successful login to the directory specified in the mySQL db.

 

Here is the code below. At the moment, upon login, the address bar changes to ...undefined/index.php.

 

I have tested the mySQL_evaluate function on a test page and when I echo the results, it displays the correct information. Any ideas?

#####THE CODE#####

 

<?php

ob_start();

 

$host="";                            // Host name

$username="";                 // Mysql username

$password="";                 // Mysql password

$db_name="";                 // Database name

$tbl_name="members"; // Table name

 

 

// Connect to server and select database.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

#####

function mysql_evaluate($query, $default_value="undefined") {

    $result = mysql_query($query);

    if (mysql_num_rows($result)==0)

        return $default_value;

    else

        return mysql_result($result,0);

}

#####

 

// Define $myusername and $mypassword

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

$mydirectory = mysql_evaluate("SELECT directory FROM $tbl_name WHERE 'username='$myusername'");

 

// encrypt password

$encrypted_mypassword=md5($mypassword);

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";

$result=mysql_query($sql);

 

// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

 

if($count==1){

 

// Register $myusername, $mypassword, $mydirecory and redirect to file "login_success.php"

session_register("myusername");

session_register("mypassword");

session_register("mydirectory");

 

$host  = $_SERVER['HTTP_HOST'];

$uri  = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

$directory = mysql_evaluate("SELECT directory FROM $tbl_name WHERE 'username='$myusername'");

$extra = 'index.php';

header("Location: http://$host$uri$directory/$extra");

}

else {

echo "Wrong Username or Password";

}

 

ob_end_flush();

?>

[thurmanmurman]

ive also tried using fetch object, and it inserts "object" into the address bar? HELPPPP!

[.josh]

well there's obviously something wrong with the function, as it is returning that undefined.  Change

 

$result = mysql_query($query);

 

to

 

$result = mysql_query($query) or die(mysql_error());

 

does it give an error? (remove it when you are done)

[thurmanmurman]

yes...it throws a syntax error at line 1.

[.josh]

looks like in your query string you have a ' right before username=...

[thurmanmurman]

Its definitely redirecting where I want it now. But now every user that logs on gets redirected to the directory for the first user... any ideas? php or mySQL issue?

[thurmanmurman]

I'm also seeing that when I clear my cookies, i am able to get to the correct directory, but then the same issue arises...not being able to get to any other unique directory. any thoughts?