Centurian Posted January 6, 2010 Share Posted January 6, 2010 Okay, I am sort of new to PHP and am confused. Here goes: <html> <body> <?php echo "LOGIN5"; $con = mysql_connect("localhost","USERNAME","PASSWORD"); // Connect to the USERS database. $sel = mysql_select_db("centuria_Players", $con); $result = mysql_query("SELECT * FROM UserData WHERE Username='".$_GET('username')."'"); while($row = mysql_fetch_array($result)) { echo $row['Username'] . " " . $row['Password']; echo "<br />"; if ($row['password'] = $_GET('password')) { echo "Your password is correct"; } mysql_close($con); ?> </body> </html> I hope it wasnt too confusing - Basically, the idea is that I have a MYSQL database containing a table called 'UserData'. When the human inputs their password and username, the website finds their entry in this table, and compares the password listed to the password they have provided. This code - put simply - does not work I cant figure out why. Thanks for helping. Quote Link to comment Share on other sites More sharing options...
trq Posted January 6, 2010 Share Posted January 6, 2010 A few things. Firstly, $_GET is an array not a function, hence its indexes need to be referenced via []. Secondly, any data submitted via a user needs to be (at least) escaped for bad cahrs. Otherwise, you are open to attacks of various sorts. Thirdly, you are using the = (assignment operator) to attempt a comparison. You need to use == (the comparison operator). Your code would be best written..... <?php // make sure data was submitted. if (isset($_GET['username'])) { // make sure variable are safe $username = mysql_real_escape_string($_GET['username'])); $password = mysql_real_escape_string($_GET['password'])) { // form your query. (this query itself will check that usernames and passwords match $sql = "SELECT * FROM UserData WHERE Username = '$username' && `Password` = md5('$password')"; // passwords should be stored as hashes. // always check your query succeeds before using any result if ($result = mysql_query($sql)) { // if a result is found, the username and passwords match if (mysql_num_rows($result)) { echo "Your username and password matched"; } else { echo "Wrong username or password"; } } else { // query failed. trigger_error(mysql_error()); } } ?> Quote Link to comment Share on other sites More sharing options...
Centurian Posted January 6, 2010 Author Share Posted January 6, 2010 Thanks. I'm starting to get the hang of things. Quote Link to comment Share on other sites More sharing options...
trq Posted January 6, 2010 Share Posted January 6, 2010 Cool, I tried to comment it pretty thoroughly so you could use it as an example. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.