Jump to content

PHP Login Script Question?

Jakesta42

By Jakesta42
in PHP Coding Help

Recommended Posts

Jakesta42 Newbie

Jakesta42

Posted
Posted

Hey,

 

So I have a couple of files, and I'm trying to create a login script. There is a MySQL query that accesses a database with a list of usernames and passwords. I have a feeling something is wrong with my SQL query, because it's not working correctly.

 


<?php
$connect = mysql_connect("localhost", "root", "root");

if(!$connect){//If user can't connect to database
die('Could not connect: ' . mysql_error()); //Throw an error
}

mysql_select_db("colin_db", $connect);
//Get given username and password from username field and password field
$givenUsername = $_POST["usernameField"];
$givenPassword = $_POST["passwordField"];

$myQuery = "SELECT * FROM ADMINS 
		WHERE USERNAME = $givenUsername
		AND PASSWORD = $givenPassword";

$queryResult = mysql_query($myQuery);
$numRows = mysql_num_rows($queryResult);

if($numRows == 1){ //If the details are correct...
//Reload the page and login
echo "<script type = 'text/javascript'> window.location.reload() </script>";
echo "Details correct";

}
elseif($numRows == 0){ 	//Else if the details are not found
//Display error accordingly
echo "Details not correct!";    //This is what happens every time
}

mysql_close($connect);
?>

 

The database is configured correctly, but I'm not sure how to correctly create a SQL query to determine if the given username and password are correct. In case you'd like to see it, the segment from the index.php file is below.

 

<form action = "login.php" method = "POST">
Admin Login: <br>
Username: <input type = "text" name = "usernameField"/><br> <!-- Password field-->
Password: <input type = "password" name = "passwordField"/><br> <!-- Username field -->
		  <input type = "submit" value = "Login"  name = "submitButton"/> <!-- Login button -->
</form>

 

Any ideas?

 

Thanks,

 

Jake

 

Link to comment
https://forums.phpfreaks.com/topic/257124-php-login-script-question/
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

String type values should be quoted in query strings. You should also be checking whether the query executed successfully or not and, while developing, echoing the error and query string. In production, you would log the errors rather than echo them.

 

Also, if all you want is the number of matching records from a query, and don't need the actual values, you can use a SELECT COUNT() query. I haven't fixed any syntax errors so you can see the MySQL error that is returned.

 

$myQuery = "SELECT COUNT(1) FROM ADMINS 
		WHERE USERNAME = $givenUsername
		AND PASSWORD = $givenPassword";

if( !$queryResult = mysql_query($myQuery) ) {
echo "<br>Query: $myQuery<br>Error: " . mysql_error() . '<br>'; 
}
$array = mysql_fetch_row($myQuery);

if($array[0] == 1) { //If the details are correct...

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.