iJoseph Posted May 26, 2010 Share Posted May 26, 2010 I have made this code for a login. It just shows a blank page showing nothing, so the code is not wrong, but I can;t see what is... I would like it if you could identify the problem for my. Thanks, Joe. <?php $username = $_POST['username']; $password = $_POST['password']; $con = mysql_connect("localhost","hhh","hhh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("Blah", $con); $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); while($row = mysql_fetch_array($result)) { $d_username = $row['username']; $d_password = $row['password']; if($d_username == $username && $d_password == $password) { echo 'Win '; } else { echo 'Fail :l'; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/ Share on other sites More sharing options...
The Eagle Posted May 26, 2010 Share Posted May 26, 2010 Don't understand why you used two different variables, one that was not even defined earlier. $d_username = $row['username']; $d_password = $row['password']; if($d_username == $username && $d_password == $password) { Quote Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063750 Share on other sites More sharing options...
iJoseph Posted May 26, 2010 Author Share Posted May 26, 2010 The $username / $passord are at the top, from the $_POST['']. Quote Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063752 Share on other sites More sharing options...
mattal999 Posted May 26, 2010 Share Posted May 26, 2010 Basically, you are selecting the row from the database which contains the POSTed username and password, and then you don't trust MySQL and are checking it again Why my dear boy? <?php $username = mysql_real_escape_string($_POST['username']); // read up on mysql_real_escape_string(). $password = mysql_real_escape_string($_POST['password']); // read up on mysql_real_escape_string(). $con = mysql_connect("localhost", "hhh", "hhh") or die('Could not connect: ' . mysql_error()); mysql_select_db("Blah", $con); $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die('Query failed: ' . mysql_error()); if(mysql_num_rows($result) > 0) { echo 'Win '; } else { echo 'Fail :l'; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063757 Share on other sites More sharing options...
flappy_warbucks Posted May 26, 2010 Share Posted May 26, 2010 Hmmm.... try this: <?php $username = $_POST['username']; $password = $_POST['password']; $con = mysql_connect("localhost","hhh","hhh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("Blah", $con); $query = "SELECT * FROM users WHERE username='". mysql_real_escape_string($username). "' AND password='". mysql_real_escape_string($password). "';"; if (!$result = mysql_query($query)) { die(mysql_error()); // it failed for whatever reason. } else { if (mysql_num_rows($result) > 0) { echo 'Win '; } else { echo 'Fail :l'; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063761 Share on other sites More sharing options...
iJoseph Posted May 26, 2010 Author Share Posted May 26, 2010 Thanks Quote Link to comment https://forums.phpfreaks.com/topic/202998-php-help-my-sql/#findComment-1063762 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.