Jakesta42 Posted February 16, 2012

Hey,

So I have a couple of files, and I'm trying to create a login script. There is a MySQL query that accesses a database with a list of usernames and passwords. I have a feeling something is wrong with my SQL query, because it's not working correctly.

```php
<?php
$connect = mysql_connect("localhost", "root", "root");
if(!$connect){ //If user can't connect to database
    die('Could not connect: ' . mysql_error()); //Throw an error
}
mysql_select_db("colin_db", $connect);

//Get given username and password from username field and password field
$givenUsername = $_POST["usernameField"];
$givenPassword = $_POST["passwordField"];

$myQuery = "SELECT * FROM ADMINS WHERE USERNAME = $givenUsername AND PASSWORD = $givenPassword";
$queryResult = mysql_query($myQuery);
$numRows = mysql_num_rows($queryResult);

if($numRows == 1){ //If the details are correct...
    //Reload the page and login
    echo "<script type = 'text/javascript'> window.location.reload() </script>";
    echo "Details correct";
}
elseif($numRows == 0){ //Else if the details are not found
    //Display error accordingly
    echo "Details not correct!"; //This is what happens every time
}
mysql_close($connect);
?>
```

The database is configured correctly, but I'm not sure how to correctly create a SQL query to determine if the given username and password are correct. In case you'd like to see it, the segment from the index.php file is below.

```html
<form action = "login.php" method = "POST">
    Admin Login: <br>
    Username: <input type = "text" name = "usernameField"/><br> <!-- Username field -->
    Password: <input type = "password" name = "passwordField"/><br> <!-- Password field -->
    <input type = "submit" value = "Login" name = "submitButton"/> <!-- Login button -->
</form>
```

Any ideas?

Thanks,
Jake
Pikachu2000 Posted February 16, 2012

String type values should be quoted in query strings. You should also be checking whether the query executed successfully or not and, while developing, echoing the error and query string. In production, you would log the errors rather than echo them. Also, if all you want is the number of matching records from a query, and don't need the actual values, you can use a SELECT COUNT() query.

I haven't fixed any syntax errors so you can see the MySQL error that is returned.

```php
$myQuery = "SELECT COUNT(1) FROM ADMINS WHERE USERNAME = $givenUsername AND PASSWORD = $givenPassword";
if( !$queryResult = mysql_query($myQuery) ) {
    echo "<br>Query: $myQuery<br>Error: " . mysql_error() . '<br>';
}
// Fetch from the result resource, not from the query string
$array = mysql_fetch_row($queryResult);
if($array[0] == 1) { //If the details are correct...
```
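As an added example (not code from either poster), here is the same login check written with a PDO prepared statement and a stored password hash, so the POST values never become part of the SQL text. It assumes PHP 5.5+ with the pdo_sqlite extension; the `PASSWORD_HASH` column, the `checkLogin()` helper and the sample row are hypothetical and constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database so
// the script runs offline. With MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
// Failed queries throw instead of silently returning false; in production,
// catch PDOException and log it rather than echoing it.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table, named after the thread's ADMINS table. The
// PASSWORD_HASH column is an assumption: it stores password_hash() output
// instead of the plaintext PASSWORD column used in the thread.
$pdo->exec('CREATE TABLE ADMINS (USERNAME TEXT PRIMARY KEY, PASSWORD_HASH TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO ADMINS (USERNAME, PASSWORD_HASH) VALUES (?, ?)');
$insert->execute(array("o'brien", password_hash('constructed-sample-pw', PASSWORD_DEFAULT)));

/**
 * Hypothetical helper: true only if the user exists and the password matches.
 */
function checkLogin(PDO $pdo, $username, $password)
{
    // The placeholder sends the value separately from the SQL text, so it
    // needs no quoting or escaping and cannot change the query's structure.
    $stmt = $pdo->prepare('SELECT PASSWORD_HASH FROM ADMINS WHERE USERNAME = ?');
    $stmt->execute(array($username));
    $hash = $stmt->fetchColumn(); // false when no row matched

    if ($hash === false) {
        return false;
    }
    // Compare against the stored hash instead of matching a plaintext column
    return password_verify($password, $hash);
}

// Constructed stand-ins for $_POST["usernameField"] and $_POST["passwordField"]
$attempts = array(
    array("o'brien", 'constructed-sample-pw'), // valid; the name contains a quote
    array("o'brien", 'wrong-password'),
    array('nobody', 'constructed-sample-pw'),
);
foreach ($attempts as $attempt) {
    list($user, $pass) = $attempt;
    $ok = checkLogin($pdo, $user, $pass);
    echo $user, ': ', ($ok ? 'Details correct' : 'Details not correct!'), "\n";
}
```

The username containing an apostrophe is the case that breaks a hand-quoted query string; with a bound parameter it is matched as ordinary data.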