PHP and MySQL help

[Joe N]

Hi,

 

I am new here so please excuse me if this has been covered or is in the wrong section.

 

I am trying to follow this tutorial on entering a username and password into a login box on a web page and having PHP query (I am new to PHP/MySQL so please excuse me if I misused that term) the MySQL database the entered username and password are in to see if they exist. I am running MySQL version 5.1.39-community MySQL Community Server. I have one database created called users. In this database I have a table called users. When I type the command show tables; I get

 

Tables_in_users

users

 

When I type in select* from users I get

 

username | password

admin | AbCd1234

 

So I have a database named users, a table in the database called users and in the table I have username and password and have entered a username "admin" into username and a password "AbCd1234" into password.

 

When I try to test this I get the "Wrong Username or Password" error from checklogin.php, which is telling me I have something in the database setup wrong.

 

Here is the code for my checklogin.php file:

 

<?php
ob_start();
$host="***.***.*.***"; // Host name
$username="****"; // Mysql username
$password="********"; // Mysql password
$db_name="users"; // Database name
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("Cannot connect!");
mysql_select_db("$db_name")or die("Cannot select DB!");

// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

I am thinking that it may have something to do with

 

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

 

But I am unsure. If anyone has any suggestions or a place they can point me to help solve this error I would greatly appreciate it.

 

Thank you.

[kickstart]

Hi

 

Nothing obvious. Have you go the form you are using to call this script?

 

I would be tempted to put out the SQL to check it contains what you expect it to (ie, the userid and password).

 

All the best

 

Keith