iJoseph Posted May 26, 2010 Share Posted May 26, 2010 I have made this code for a login. It just shows a blank page showing nothing, so the code is not wrong, but I can;t see what is... I would like it if you could identify the problem for my. Thanks, Joe. <?php $username = $_POST['username']; $password = $_POST['password']; $con = mysql_connect("localhost","hhh","hhh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("Blah", $con); $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); while($row = mysql_fetch_array($result)) { $d_username = $row['username']; $d_password = $row['password']; if($d_username == $username && $d_password == $password) { echo 'Win '; } else { echo 'Fail :l'; } } ?> Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/ Share on other sites More sharing options...
The Eagle Posted May 26, 2010 Share Posted May 26, 2010 Don't understand why you used two different variables, one that was not even defined earlier. $d_username = $row['username']; $d_password = $row['password']; if($d_username == $username && $d_password == $password) { Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063750 Share on other sites More sharing options...
iJoseph Posted May 26, 2010 Author Share Posted May 26, 2010 The $username / $passord are at the top, from the $_POST['']. Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063752 Share on other sites More sharing options...
mattal999 Posted May 26, 2010 Share Posted May 26, 2010 Basically, you are selecting the row from the database which contains the POSTed username and password, and then you don't trust MySQL and are checking it again Why my dear boy? <?php $username = mysql_real_escape_string($_POST['username']); // read up on mysql_real_escape_string(). $password = mysql_real_escape_string($_POST['password']); // read up on mysql_real_escape_string(). $con = mysql_connect("localhost", "hhh", "hhh") or die('Could not connect: ' . mysql_error()); mysql_select_db("Blah", $con); $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die('Query failed: ' . mysql_error()); if(mysql_num_rows($result) > 0) { echo 'Win '; } else { echo 'Fail :l'; } ?> Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063757 Share on other sites More sharing options...
flappy_warbucks Posted May 26, 2010 Share Posted May 26, 2010 Hmmm.... try this: <?php $username = $_POST['username']; $password = $_POST['password']; $con = mysql_connect("localhost","hhh","hhh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("Blah", $con); $query = "SELECT * FROM users WHERE username='". mysql_real_escape_string($username). "' AND password='". mysql_real_escape_string($password). "';"; if (!$result = mysql_query($query)) { die(mysql_error()); // it failed for whatever reason. } else { if (mysql_num_rows($result) > 0) { echo 'Win '; } else { echo 'Fail :l'; } } ?> Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063761 Share on other sites More sharing options...
iJoseph Posted May 26, 2010 Author Share Posted May 26, 2010 Thanks Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063762 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.