Fluf Posted July 24, 2009 Share Posted July 24, 2009 $query = mysql_query("SELECT COUNT(id) FROM LOGIN WHERE username='$username' AND password='$password'"); $row = mysql_fetch_row($query); if($row[0] != 1) { echo "Invalid username/password"; } else if($row[0] == 1) { echo "Welcome."; So when it finds from database username and password what matches then row[0] value should be 1 right? But it already gives the value 1 when i only enter username and press login or try it with some random password.. Quote Link to comment https://forums.phpfreaks.com/topic/167293-login-with-mysql/ Share on other sites More sharing options...
cs.punk Posted July 24, 2009 Share Posted July 24, 2009 $query = mysql_query("SELECT COUNT(id) FROM LOGIN WHERE username='$username' AND password='$password'"); $row = mysql_fetch_row($query); if($row[0] != 1) { echo "Invalid username/password"; } else if($row[0] == 1) { echo "Welcome."; So when it finds from database username and password what matches then row[0] value should be 1 right? But it already gives the value 1 when i only enter username and press login or try it with some random password.. Well, I am not quite sure what your doing with the above code but... $sql_select = "SELECT * FROM LOGIN WHERE username='$username' AND password='$password' LIMIT 1"; $mq_select = mysqli_query($db_con, $sql_select); $row = mysqli_fetch_assoc($query); if($row['password'] == $password) {echo "Corrert password"; } else {echo "WRONG PASSWORD"; } I hope you will figure it out . Also look into md5 and mysql_real_escape_string. Quote Link to comment https://forums.phpfreaks.com/topic/167293-login-with-mysql/#findComment-882094 Share on other sites More sharing options...
mmarif4u Posted July 24, 2009 Share Posted July 24, 2009 How about this one: $sql_select = "SELECT * FROM LOGIN WHERE username='$username' AND password='$password'"; $q = mysql_query($db_con, $sql_select); $num = mysql_num_rows($q); if($num == 0) {echo "Invalid Username OR Password"; } else {echo "You are allowed...!"; } Quote Link to comment https://forums.phpfreaks.com/topic/167293-login-with-mysql/#findComment-882102 Share on other sites More sharing options...
Fluf Posted July 24, 2009 Author Share Posted July 24, 2009 There is not difference, what i would use lol $query = mysql_query("SELECT COUNT(id) FROM LOGIN WHERE username='$username' AND password='$password'"); $row = mysql_fetch_row($query); When i write print_r($row[0]) and i submit only username it says 1, but shouldn't it say 0?? Quote Link to comment https://forums.phpfreaks.com/topic/167293-login-with-mysql/#findComment-882112 Share on other sites More sharing options...
The Eagle Posted July 24, 2009 Share Posted July 24, 2009 There is not difference, what i would use lol $query = mysql_query("SELECT COUNT(id) FROM LOGIN WHERE username='$username' AND password='$password'"); $row = mysql_fetch_row($query); When i write print_r($row[0]) and i submit only username it says 1, but shouldn't it say 0?? Well, it actually should display 0. I'm not even sure why it would display 1. Your other codes may have identified a different print_row previously and it may just display that. Honestly, not sure. Quote Link to comment https://forums.phpfreaks.com/topic/167293-login-with-mysql/#findComment-882126 Share on other sites More sharing options...
vineld Posted July 24, 2009 Share Posted July 24, 2009 It looks as if there is something else that causes the problem. Try printing the values in order to see where things are messed up. A few other things: 1. You should never store passwords as they are in your database. Always store hashes. Md5 is one option but sha1 is better and you should always use a salt as well to make it safer, preferably two (one default and one unique for each user). 2. In case you have not done it prior to the code above, you must NEVER use any input directly in sql without making them safe first: $username = mysql_real_escape_string($username); If you don't, malicious users can do pretty much whatever they want with your database. Quote Link to comment https://forums.phpfreaks.com/topic/167293-login-with-mysql/#findComment-882136 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.