simcoweb

can't get username field to pass to query WHERE parameter

I'm still struggling with this mystery. I have a login form. Simple stuff:

[code]<form action="<?php print $PHP_SELF ?>" id="Form1" style="WIDTH: 100%" method="post" >
<table id="Table1" cellspacing="0" cols="2" cellpadding="0" align="center" border="0">
<tbody>
<tr><td>User name:&nbsp;&nbsp;</td><td><input type='text' size='21' name="username" ></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" size="21" name="password"></td>
</tr>
<tr>
<td></td>
<td align="right"><br><input type="submit" value="Login"></td>
</tr>
</tbody>
</table>
</form>[/code]

There's other code but this is the focus. No errors in the other code as it just validates then if no errors forwards the logged in user to a page 'members.php' where it should display their profile and picture based upon their username. Problem is it won't display it as for some reason the 'username' field is not being passed.

Here's the 'members.php' code:

[code]<?php
$username = $_POST['username'];

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

//new sql query
$sql = "SELECT * FROM plateau_pros WHERE username='$username'";
$result = mysql_query($sql, $conn) or die(mysql_error());
?>[/code]

Now, this is SUPPOSED to pull the array of data based upon the posted username. It's not. The page is blank. We've echoed the query to see what's up using this bit of code:

[code]<?php
echo "query = ". $sql. "<br/>";
if(!$username)
{
echo "Heres your problem";
}
?>[/code]

Which produces the echo display. In other words, NO username is being passed. Therefore, no data being pulled.

Now, if I change the $username variable in the query to an actual username then all their data shows properly. This is the mystery. WHY won't the username variable pass via POST to the members.php page and populate the WHERE username='$username' clause in the query?

I've even tried this with different login forms thinking there's something goofy I can't see. Still the same issue. I've tried posting the data to an external script instead of <?php print $PHP_SELF ?> and that didn't work.

I need some help with this one. Thanks! :)

Share this post


Link to post
Share on other sites
as far as I'm aware $PHP_SELF isn't a predefined variable... $_SERVER['PHP_SELF'] is..

also your mysql error messages are a tiny bit off. instead of
[code]mysql_query($sql, $conn) or die(mysql_error());[/code]
it would be better as...
[code]@mysql_query($sql, $conn) or die(mysql_error());[/code]


and if you're saying something like...
[code]
<form action="<? $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" name="test" value="test">
<input type="submit">
</form>

<?php
if(isset($_POST['test'])){
  echo "post worked!";
}
?>
[/code]
doesn't work then you might wanna look into a server error... (maybe browser error? so very doubtful)

Share this post


Link to post
Share on other sites
[quote author=genericnumber1 link=topic=113261.msg460201#msg460201 date=1162243875]
also your mysql error messages are a tiny bit off. instead of
[code]mysql_query($sql, $conn) or die(mysql_error());[/code]
it would be better as...
[code]@mysql_query($sql, $conn) or die(mysql_error());[/code]
[/quote]

You should normally NOT suppress errors by using @ - the original from simcoweb is just fine.


The post declaration looks fine, have you tried to echo $username ?

[code]$username = $_POST['username'];
echo " --> ".$username;[/code]

Share this post


Link to post
Share on other sites
First, thanks for the posts. Both of you.

I have not echoed the $username variable. Just the query itself to see if it pulls the data. It's blank when I echo that. But, if I manually enter the username in the WHERE clause then it echoes the results of that particular profile.

I'll try echoing the $username and post back here the results.

Share this post


Link to post
Share on other sites
Ok, just for fun I took the basic form elements and the 'test' snippet and ran it. Here's what I did:

[code]<form action="<? $_SERVER['PHP_SELF'] ?>" id="Form1" style="WIDTH: 100%" name="Form1" method="post" >
<table id="Table1" cellspacing="0" cols="2" cellpadding="0" align="center" border="0">
<tbody>
<tr><td>User name:&nbsp;&nbsp;</td><td><input type='text' size='21' name="username" ></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" size="21" name="password"></td>
</tr>
<tr>
<td></td>
<td align="right"><br><input type="submit" value="Login"></td>
</tr>
</tbody>
</table>
</form>
<?php
if(isset($_POST['username'])){
  echo "post worked!";
}
echo $username;
echo $password;
?>[/code]

When I test this I get these results:

[quote]post worked!terrellowens[/quote]

Which means the form works. Now, WHY is the form then breaking down and not sending the 'username' and 'password' fields to the members.php page.

Share this post


Link to post
Share on other sites
OK, I think a simple question has been overlooked here.  In your first post, you pasted the following form code:

[code]<form action="<?php print $_SERVER['PHP_SELF'] ?>" id="Form1" style="WIDTH: 100%" method="post" >
<table id="Table1" cellspacing="0" cols="2" cellpadding="0" align="center" border="0">
<tbody>
<tr><td>User name:&nbsp;&nbsp;</td><td><input type='text' size='21' name="username" ></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" size="21" name="password"></td>
</tr>
<tr>
<td></td>
<td align="right"><br><input type="submit" value="Login"></td>
</tr>
</tbody>
</table>
</form>[/code]

Then directly under it you posted code for members.php.  Is the above code not part of members.php?

Regards
Huggie

Share this post


Link to post
Share on other sites
That form code is NOT part of members.php. That is part of login.php which also contains form field validation and a match of username/password against the database. If successful then the user is transferred to members.php via a header call:

[code]<?php
header("Location: members.php");
exit;
?>[/code]

The whole bit of code in the login.php form:

[code]<?php

session_start();
include 'header.php';
$loginError = ""; // declare this so it is always available

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username']))
  $loginError .= "Please enter a user name!";
// Check password has a value
if(empty($_POST['password']))
  $loginError.= "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($loginError))
{
$username = $_POST['username'];
$password = $_POST['password'];

include 'dbconfig.php';

// Connect to database
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname, $con) or die(mysql_error());
// Get Record Set
$sql = ("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'");
// mysql_query($sql) or die(mysql_error());
$results = mysql_query($sql, $con) or die(mysql_error());
$num_rows = mysql_num_rows($results) or die(mysql_error());

if ($num_rows == 1) {
      // Enable sessions
//if (isset($_SESSION['loggedin']))
//{
  $_SESSION['username'] = $_POST['username'];
  $_SESSION['memberid'] = $_POST['memberid'];
  header("Location: members.php");
  exit;
} else {
  if ($num_rows == 0){
    $loginError = "Your user name and password do not match any in our database! Please try again.";
    header("Location: login.php");
    exit;
}
 
}
}
}


?>[/code]

The members.php page is as follows:

[code]<?php
// Enable sessions
session_start();
$_SESSION['loggedin'] = $_POST['username'];
$username = $_POST['username'];

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);

include 'dbconfig.php';
include 'header.php';
// Connect to database
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

//new sql query
$sql = "SELECT * FROM plateau_pros WHERE username='$username'";
$result = mysql_query($sql, $conn) or die(mysql_error());

while ($row = mysql_fetch_array($result)) {

echo "<div align='center'>
  <table  style='BORDER-COLLAPSE: collapse' bordercolor='#666666' cellpadding='4' width='530' border='0'>
  <tbody>
  <tr><td>
  <p>
    <font class='bodytext'>Welcome<b>" . $row['username'] ." " .$row['lastname'] . "</b></font>
  </p>
  <p>
  <img src='images/photo/$photo' width='150' height='175'>
  </p>
  <p>
  <strong><font class='bodytext'>Member Actions</font> </strong>
  </p>
  <font class='bodytext'>
  <ul>
  <li>Edit Profile</li>
  <li><a class='body' href='getrefs.php?memberid=$memberid'>View Referrals</a></li>
  <li><a class='body' href='http://www.plateauprofessionals.com/cal/calendar.php' target='_blank'>View Calendar</a></li>
  </ul>
  <p>
  <h3>Plateau Professionals Code of Ethics</h3><p>

<font class='bodytext'><b>As a member of Plateau Professionals I agree to abide by the following Code of Ethics:</b><br>
<ul>
<li>I will provide the quality of service and price quoted to all referrals.</li>
<li>I will treat my business like any other prestigious enterprise and will fulfill commitments I make to members and referrals.</li>
<li>I will conduct myself with integrity and responsibility</li>
<li>I will be a positive member of Plateau Professionals and support the enthusiastic atmosphere by my active participation at every meeting.</li>
<li>I will uphold the Code of Ethics within my profession.</li>
</ul>
</p>
<p>
</p>
<p>
</p>
</font></td>
</tr>
</tbody>
</table>
</div>";
}
include 'footer.php';
?>

<?
// Tidy up used objects
// Close recordset
if(isset($result)) @mysql_free_result($result);
// Close database connection
if(isset($conn)) @mysql_close($conn);

?>[/code]

Share this post


Link to post
Share on other sites
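
An added example, not code from any poster in this thread: the login check from login.php rewritten with a bound parameter and a hashed password, because `set_magic_quotes_runtime()` never escaped `$_POST` data and the query above interpolates it directly. It assumes PDO with an in-memory SQLite table standing in for the MySQL `plateau_pros` table, a `password_hash()` value in the `password` column, and the hypothetical helpers `demo_db()`, `authenticate()` and `session_identity()`.

```php
<?php
// Added example, not code from the thread. Assumptions: in-memory SQLite via PDO
// stands in for MySQL, and the password column stores a password_hash() value.
// demo_db(), authenticate() and session_identity() are hypothetical names.

function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE plateau_pros (
        memberid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    // Constructed sample member.
    $pdo->prepare('INSERT INTO plateau_pros (username, password) VALUES (?, ?)')
        ->execute(['terrellowens', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the member row (without the hash) on success, null on any failure.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // The value is bound, so quotes in $username are data, not SQL syntax.
    // magic_quotes_runtime never applied to $_POST; it only escaped data read
    // from databases and files.
    $stmt = $pdo->prepare(
        'SELECT memberid, username, password FROM plateau_pros WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No matching row is an ordinary outcome, not a database error. The thread's
    // "mysql_num_rows(...) or die(mysql_error())" exits with an empty message
    // when the count is 0, because 0 is falsy and there is no error text.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

// Session values come from the database row; the login form has no memberid
// field, so $_POST['memberid'] is either empty or chosen by the client.
function session_identity(array $row): array
{
    return ['username' => $row['username'], 'memberid' => (int) $row['memberid']];
}

$pdo = demo_db();
$attempts = [                                   // constructed inputs
    ['terrellowens', 'constructed-sample-pw'],  // correct credentials
    ['terrellowens', 'wrong-password'],
    ["terrell'owens", 'anything'],              // quote stays inside the bound value
    ['nobody', 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    $row = authenticate($pdo, $user, $pass);
    // In login.php, success would be followed by session_regenerate_id(true),
    // storing session_identity($row) in $_SESSION, and the Location header.
    echo str_pad($user, 16), $row ? json_encode(session_identity($row)) : 'rejected', "\n";
}
```
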
If you're redirecting the user from login.php to member.php then there are no $_POST variables available in members.php.

Share this post


Link to post
Share on other sites
As I thought...

In that case change this in members.php

[code=php:0]$username = $_POST['username'];[/code] to this [code=php:0]$username = $_SESSION['username'];[/code]


Regards
Huggie

Share this post


Link to post
Share on other sites
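
An added example, not code from the thread, of what members.php has to do once identity comes from `$_SESSION`: refuse requests that carry no session identity and HTML-encode the stored name before echoing it. The function names and the `$session` array parameter (standing in for `$_SESSION` so the logic runs from the CLI) are assumptions.

```php
<?php
// Added example, not code from the thread. All function names are hypothetical.
// $session stands in for $_SESSION after session_start(), so this runs from the CLI.

// Returns the logged-in identity, or null when the session carries none
// (for example, members.php opened directly without logging in).
function member_from_session(array $session): ?array
{
    $name = $session['username'] ?? null;
    $id   = $session['memberid'] ?? null;
    if (!is_string($name) || $name === '' || !is_int($id)) {
        return null;
    }
    return ['username' => $name, 'memberid' => $id];
}

// Encode for HTML text and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_welcome(array $member): string
{
    return "<p>Welcome <b>" . h($member['username']) . "</b></p>\n"
         . "<a class='body' href='getrefs.php?memberid="
         . rawurlencode((string) $member['memberid']) . "'>View Referrals</a>\n";
}

// Decide the response before any output, so a redirect can still be sent.
function handle_members_request(array $session): array
{
    $member = member_from_session($session);
    if ($member === null) {
        return ['status' => 302, 'location' => 'login.php', 'body' => ''];
    }
    return ['status' => 200, 'location' => null, 'body' => render_welcome($member)];
}

$cases = [                                        // constructed sessions
    'no session'     => [],
    'logged in'      => ['username' => 'terrellowens', 'memberid' => 1],
    'markup in name' => ['username' => '<i>pro</i>', 'memberid' => 2],
];
foreach ($cases as $label => $session) {
    $r = handle_members_request($session);
    echo "[$label] {$r['status']} ", $r['location'] ?? trim($r['body']), "\n";
}
```
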
Ok, that worked. Thanks, Hug. I knew it was close ..but wasn't puffin on the cigar yet.

Now...another quick little issue. In this part:

[code]<?php
$results = mysql_query($sql, $con) or die(mysql_error());
$num_rows = mysql_num_rows($results) or die(mysql_error());

if ($num_rows == 1) {
      // Enable sessions
//if (isset($_SESSION['loggedin']))
//{
  $_SESSION['username'] = $_POST['username'];
  $_SESSION['memberid'] = $_POST['memberid'];
  header("Location: members.php");
  exit;
} else {
  if ($num_rows == 0){
    // display bad username and password error
    $loginError = "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
 
}
?>[/code]

If they type in a correct user/pass then it works fine. If it's incorrect then I get a blank page. Not sure why. It should display the header/footer and contain the error message....but it's not.

Share this post


Link to post
Share on other sites
You're not actually echoing anything.

I'd change this:

[code]<?php
if ($num_rows == 1) {
  // Enable sessions
  //if (isset($_SESSION['loggedin']))
  //{
  $_SESSION['username'] = $_POST['username'];
  $_SESSION['memberid'] = $_POST['memberid'];
  header("Location: members.php");
  exit;
}
else {
  if ($num_rows == 0){
      // display bad username and password error
      $loginError = "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
}[/code]

To this:

[code]<?php
if ($num_rows == 1) {
  $_SESSION['username'] = $_POST['username'];
  $_SESSION['memberid'] = $_POST['memberid'];
  header("Location: members.php");
  exit;
}
else {
  // display bad username and password error
  $loginError = "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
  echo $loginError;
}[/code]

Regards
Huggie

Share this post


Link to post
Share on other sites
Hmmm...that didn't work either. I even changed it to this:

[code]<?php
if ($num_rows == 1) {
      // Enable sessions
  $_SESSION['username'] = $_POST['username'];
  $_SESSION['memberid'] = $_POST['memberid'];
  header("Location: members.php");
  exit;
} else {
  //if ($num_rows == 0){
    // display bad username and password error
    echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
     
//}
 
}
?>[/code]

and the page just pulls blank. Here's the page. Type any user/pass combo and see:

[url=http://www.plateauprofessionals.com/login.php]www.plateauprofessionals.com/login.php[/url]

Share this post


Link to post
Share on other sites
try
[code]

<?php

if (mysql_num_rows($results) == "1")
{
$_SESSION['username'] = $_POST['username'];
$_SESSION['memberid'] = $_POST['memberid'];
header("Location: members.php");
exit;
}
else
{
echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
}

?>

[/code]

If not, post the full current code

Share this post


Link to post
Share on other sites
Produces a blank page. Here's the entire code but without the query output.

[code]<?php

session_start();

$loginError = ""; // declare this so it is always available

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username']))
  $loginError['username'] = "Please enter a user name!";
// Check password has a value
if(empty($_POST['password']))
  $loginError['password'] = "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($loginError))
{
$username = $_POST['username'];
$password = $_POST['password'];

include 'dbconfig.php';

// Connect to database
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname, $con) or die(mysql_error());
// Get Record Set
$sql = ("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'");
// mysql_query($sql) or die(mysql_error());
$results = mysql_query($sql, $con) or die(mysql_error());
$num_rows = mysql_num_rows($results) or die(mysql_error());

if (mysql_num_rows($results) == "1")
{
$_SESSION['username'] = $_POST['username'];
$_SESSION['memberid'] = $_POST['memberid'];
header("Location: members.php");
exit;
}
else
{
echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
}

}
}
include 'header.php';

?>[/code]

Share this post


Link to post
Share on other sites
what does this one tell you then?
[code]

<?php

session_start();

if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1);

if(empty($_POST['username'])) die("empty username"); else $username = $_POST['username'];
if(empty($_POST['password'])) die("empty password"); else $password = $_POST['password'];

include 'dbconfig.php';

$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname, $con) or die(mysql_error());
$sql = mysql_query("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'") or die(mysql_error());

if (mysql_num_rows($sql) == "1")
{
$_SESSION['username'] = $username;
$_SESSION['memberid'] = $password;
header("Location: members.php");
exit;
}
else
{
echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
}

include 'header.php';

?>

[/code]

Share this post


Link to post
Share on other sites
I assume that means you want to see the entire code?

[code]<?php

session_start();

$loginError = ""; // declare this so it is always available

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username']))
  $loginError['username'] = "Please enter a user name!";
// Check password has a value
if(empty($_POST['password']))
  $loginError['password'] = "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($loginError))
{
$username = $_POST['username'];
$password = $_POST['password'];

include 'dbconfig.php';

// Connect to database
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname, $con) or die(mysql_error());
// Get Record Set
$sql = ("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'");
// mysql_query($sql) or die(mysql_error());
$results = mysql_query($sql, $con) or die(mysql_error());
$num_rows = mysql_num_rows($results) or die(mysql_error());

if (mysql_num_rows($results) == "1")
{
$_SESSION['username'] = $_POST['username'];
$_SESSION['memberid'] = $_POST['memberid'];
header("Location: members.php");
exit;
}
else
{
echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
}

}
}
include 'header.php';

?>
<div align="center">
<table style="BORDER-COLLAPSE: collapse" bordercolor="#666666" cellpadding="4" width="530" border="0">
<tbody>
<tr>
<td>&nbsp; <h2 align="center">Login page</h2>
<font color="red"><div align="center">
<? // Loop through all errors
if(!empty($loginError))
{
?>
<ul>
<?
foreach($loginError as $eg_message)
{
?>
<li id="validationError"><?= @$eg_message ?></li>
<?
}
?>
</ul>
<?
}
?>
</font></div>
<form action="<? $_SERVER['PHP_SELF'] ?>" name="login" method="post" >
<table cellspacing="0" cols="2" cellpadding="0" align="center" border="0">
<tbody>
<tr><td>User name:&nbsp;&nbsp;</td><td><input type='text' size='21' name="username" ></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" size="21" name="password"></td>
</tr>
<tr>
<td></td>
<td align="right"><br><input type="submit" value="Login"></td>
</tr>
</tbody>
</table>
</form>
</td></tr>
</tbody>
</table>
</div>
<p>
<hr width="80%" height="1">
<form action="forgot.php" method="POST" name="forgot">
<table width="450" border="0" align="center">
<tr><td><h2>Forgot Your Password?</h2><br>
<font class='bodytext'>If you have forgotten your password complete the form below to have your information sent to you.</font><p>
<tr><td><font class="bodytext">Enter your username: <br><input type="text" size="20" name="username" id="username"></td></tr>
<tr><td><input type="submit" name="submit" value="Submit"></td></tr>
</table>
</form>
<?
include 'footer.php';
?>[/code]

Share this post


Link to post
Share on other sites
No - I meant that you could try my alternative.

AMOT, you should change
[code]$sql = ("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'");[/code]
to
[code]$sql = "SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'";[/code]

Share this post


Link to post
Share on other sites
Oh...heh :)

Ok, that one produces this error:

[quote]Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home2/wwwplat/public_html/login-mod.php:2) in /home2/xxxxxxxx/public_html/login-mod.php on line 4
empty username[/quote]

Share this post


Link to post
Share on other sites
Hang on a sec.. there was an empty line at line #1 causing the headers error. I took it out and all that shows now is:

[quote]empty username[/quote]

Share this post


Link to post
Share on other sites
