College student S.O.S. need help with some code

[jahstarr]

Here is the code can anyone tell me where im going wrong the code is not perfect but i am concerned with why im not getting any data back from the query.

<?php

include 'databaseconnect2.php';

 

$firstname = $_GET["firstname"];

$email=$_GET["email"];

$password=$_GET["Password"];

$sql="Select password from customer where Email Like '%  ".$email."  %';";

$result= mysql_query($sql);

$row = mysql_fetch_row($result);

$password2= $row[1];

echo $password2;

 

function writeName($email,$password,$password2)

{

if ($password2 == $password)

echo "<h1>Welcome back " .$firstname."</h1>";

else

echo "<h1>Invalid login</h1>";

 

 

}

 

writeName($email,$password,$password2);

 

?>

[Daniel0]

Arrays are zero-indexed, so the password would be in $row[0]. Also, you need to use mysql_real_escape_string to prevent SQL injections.

[jahstarr]

the 1 in the row variable is just my attempt at debugging i have tried it with the 0 index and still no result. sql injections are the furthest thing from my mind at the present moment but thank you for the input I will look that function up and implement at a later date this is a project for school

[PFMaBiSmAd]

If you were developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini, php would help you by displaying all the errors it detects. You will save a TON of time.

[Daniel0]

Well, then how exactly doesn't it work?

[jahstarr]

ok im not getting anything out  when I echo the $row variable. is my syntax wrong

[jahstarr]

PFMaBiSmAd, it is set to on

[PFMaBiSmAd]

Try using var_dump() instead of echo.

 

You have got something of a 'perfect storm' going on in that code. Because you don't have any logic in it to test if the query executed without error and then test how many rows were returned AND you are using mysql_fetch_row, you are getting a NULL value which when echoed results in no output.

[teamatomic]

Try this:

$sql="SELECT password FROM customer WHERE Email LIKE '% $email%' ";

 

but why are you using like, you are not doing any type of fuzzy searching, an email address  used as part of a login sequence is an exact match.

 

 

HTH

Teamatomic

[jahstarr]

Try this:

$sql="SELECT password FROM customer WHERE Email LIKE '% $email%' ";

 

but why are you using like, you are not doing any type of fuzzy searching, an email address  used as part of a login sequence is an exact match.

 

 

HTH

Teamatomic

 

i am using the like operator for pedagogical reasons. I am well aware that this is not a practice that I will use in a production system. That was the original code I had before this post and it gave me invalid syntax errors because the variable wasn't being passed properly

 

 

[jahstarr]

Try using var_dump() instead of echo.

 

You have got something of a 'perfect storm' going on in that code. Because you don't have any logic in it to test if the query executed without error and then test how many rows were returned AND you are using mysql_fetch_row, you are getting a NULL value which when echoed results in no output.

 

I am getting a null value I will implement the code below. I had this line of code in the file before this post.

 

if (!$result) {

    die('Invalid query: ' . mysql_error());

}

 

I also used the var_dump() in the $result variable I got databaseresource(6) of type (mysql result) back from it could this be the problem

[PFMaBiSmAd]

Your query is executing but it is matching zero rows (because you have extra spaces inside of the % $email % term.

 

Here is the minimum logic you should be using. It will tell you when something fails (the query or the Like comparison) and why -

<?php
include 'databaseconnect2.php';

$firstname = $_GET["firstname"];
$email=$_GET["email"];
$password=$_GET["Password"];
$sql="Select password from customer where Email Like '%$email%'";
if($result= mysql_query($sql)){
// the query executed without any error
if(mysql_num_rows($result)){
	// there was at least one row in the result set
	$row = mysql_fetch_assoc($result);
	$password2= $row['password'];
	//var_dump($password2);
	writeName($email,$password,$password2,$firstname);
} else {
	// zero rows in the result set
	echo "The entered Email: $email, was not found.";
}
} else {
// the query failed, do some error reporting (logging...)
$user_message = "Sorry, cannot proceed due to a database error.";
echo $user_message; // output the user message
$system_message = "Query failed: $sql<br />Reason: ". mysql_error();
trigger_error($system_message,E_USER_NOTICE); // report/display/log... the system error message
}
function writeName($email,$password,$password2,$firstname)
{
if ($password2 == $password)
	echo "<h1>Welcome back " .$firstname."</h1>";
else
	echo "<h1>Invalid login</h1>";
}
?>

 

I realize you want to get to the point where your code does "something." But unless your code has error checking/error reporting/error recovery logic in it to get it to tell you when it fails, why it failed, and take an appropriate action when it fails, we cannot directly tell you why it is failing either (we don't automatically have access to your database definition, your data, your database server, or your code running on your server.)

[jahstarr]

  PFMaBiSmAd, you are awesome I owe you my first born