GDRSystems Posted June 1, 2012 Share Posted June 1, 2012 Hi, I am trying to learn php and sql from the ground up, i have got the basics of php and now im starting with some simple sql. I have successfully managed to connect to my database and return some data and i have also managed to insert data into tables. My problem now is using query results within a php if statement. Can anyone help please? I'm sure that its just 1 or 2 line error. Table Layout DB Name: users Table Name: user Columns: userid, username, firstname, lastname, email, site, extra there are currently 4 records 2 files, - http://pricelessapps.com/logintest/login.html - with a single text input box (username) and submit button. - logintest.php - php and sql for checking if the username is in the database. <?php $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("users", $con); $username = "SELECT username FROM user WHERE username = ($_POST['username'])"; if ($_POST['username'] != $username) { ?> Wrong Username <p> <a href="login.html">Back To Login</a>. </p> <?php } else { ?> Site Content <p> <a href="login.html">Back To Login</a>. </p> <?php } ?> MYSQL Server Version: 5.5.20 18510_.zip Quote Link to comment Share on other sites More sharing options...
requinix Posted June 2, 2012 Share Posted June 2, 2012 Since you're just starting out, this is an excellent chance for someone like me to point out all the things you should be doing right. That way you don't have to relearn (and rewrite) things later when you discover you've been doing something wrong. // root is the admin user for mysql. do not use it to connect to your database in your scripts // create a restrictive user just for the things you need it to do. for example, "simpleuser" $con = mysql_connect("localhost", "simpleuser", "simplepassword"); // to create this user, use whatever tool you have available (like phpMyAdmin or CPanel) // you can create one using a query too. temporarily connect as root and run // GRANT SELECT,INSERT,UPDATE,DELETE ON users.* TO simpleuser@localhost IDENTIFIED BY 'simplepassword' // - SELECT, INSERT, UPDATE, and DELETE are the operations you want to allow simpleuser to do // (as a simple user it shouldn't be able to alter tables or delete databases) // - "users.*" means all the tables in the `users` database // and be sure to change the username and password to something relevant if (!$con) { // do not reveal mysql errors. for now, just show a simple message die("Could not connect to the database"); // later you can learn to log these errors someplace and show a better message // (without having to kill the script to do so) } mysql_select_db("users", $con); // if you ever use anything from $_GET or $_POST in a query, you need to make sure it's safe to use first // for string values use mysql_real_escape_string() right when you put the string into the query $query = "SELECT * FROM user WHERE username = '" . mysql_real_escape_string($_POST["username"]) . "'"; // there are other tools like PDO and mysqli which are "better" to use. when you understand how SQL works // then you should use those, but I do recommend starting off with just the mysql_* functions so you // learn about concepts like SQL injection // now execute the query $resultset = mysql_query($query, $con); // and try to get a row $user = mysql_fetch_array($resultset); // if you were able to get a row then that must mean there's some user with username=$_POST[username] if ($user) { ?> Site Content Back To Login. } else { ?> Wrong Username Back To Login. } Quote Link to comment Share on other sites More sharing options...
GDRSystems Posted June 2, 2012 Author Share Posted June 2, 2012 Thank You for your response. Your comments are very appreciated and well received. I have uploaded that script and I do not see anything on the output if the username exists or not. I have tried from multiple browsers and still no luck. any ideas? Quote Link to comment Share on other sites More sharing options...
requinix Posted June 2, 2012 Share Posted June 2, 2012 Are there any errors? Make sure your php.ini has display_errors = on error_reporting = -1 Quote Link to comment Share on other sites More sharing options...
GDRSystems Posted June 4, 2012 Author Share Posted June 4, 2012 Thank You for your help, i got it sorted, the code that you supplied worked flawlessly. it was just an error when pasting, ha. SOLVED! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.