Centurian Posted January 6, 2010 Share Posted January 6, 2010 Okay, I am sort of new to PHP and am confused. Here goes: <html> <body> <?php echo "LOGIN5"; $con = mysql_connect("localhost","USERNAME","PASSWORD"); // Connect to the USERS database. $sel = mysql_select_db("centuria_Players", $con); $result = mysql_query("SELECT * FROM UserData WHERE Username='".$_GET('username')."'"); while($row = mysql_fetch_array($result)) { echo $row['Username'] . " " . $row['Password']; echo "<br />"; if ($row['password'] = $_GET('password')) { echo "Your password is correct"; } mysql_close($con); ?> </body> </html> I hope it wasnt too confusing - Basically, the idea is that I have a MYSQL database containing a table called 'UserData'. When the human inputs their password and username, the website finds their entry in this table, and compares the password listed to the password they have provided. This code - put simply - does not work I cant figure out why. Thanks for helping. Link to comment https://forums.phpfreaks.com/topic/187388-mysql-php-to-store-usernames-and-passwords/ Share on other sites More sharing options...
trq Posted January 6, 2010 Share Posted January 6, 2010 A few things. Firstly, $_GET is an array not a function, hence its indexes need to be referenced via []. Secondly, any data submitted via a user needs to be (at least) escaped for bad cahrs. Otherwise, you are open to attacks of various sorts. Thirdly, you are using the = (assignment operator) to attempt a comparison. You need to use == (the comparison operator). Your code would be best written..... <?php // make sure data was submitted. if (isset($_GET['username'])) { // make sure variable are safe $username = mysql_real_escape_string($_GET['username'])); $password = mysql_real_escape_string($_GET['password'])) { // form your query. (this query itself will check that usernames and passwords match $sql = "SELECT * FROM UserData WHERE Username = '$username' && `Password` = md5('$password')"; // passwords should be stored as hashes. // always check your query succeeds before using any result if ($result = mysql_query($sql)) { // if a result is found, the username and passwords match if (mysql_num_rows($result)) { echo "Your username and password matched"; } else { echo "Wrong username or password"; } } else { // query failed. trigger_error(mysql_error()); } } ?> Link to comment https://forums.phpfreaks.com/topic/187388-mysql-php-to-store-usernames-and-passwords/#findComment-989509 Share on other sites More sharing options...
Centurian Posted January 6, 2010 Author Share Posted January 6, 2010 Thanks. I'm starting to get the hang of things. Link to comment https://forums.phpfreaks.com/topic/187388-mysql-php-to-store-usernames-and-passwords/#findComment-989520 Share on other sites More sharing options...
trq Posted January 6, 2010 Share Posted January 6, 2010 Cool, I tried to comment it pretty thoroughly so you could use it as an example. Link to comment https://forums.phpfreaks.com/topic/187388-mysql-php-to-store-usernames-and-passwords/#findComment-989523 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.