Jump to content

Recommended Posts

Hi, I am trying to learn php and sql from the ground up, i have got the basics of php and now im starting with some simple sql.

 

I have successfully managed to connect to my database and return some data and i have also managed to insert data into tables.

 

My problem now is using query results within a php if statement.

 

Can anyone help please? I'm sure that its just 1 or 2 line error.

 

Table Layout

 

DB Name: users

Table Name: user

Columns: userid, username, firstname, lastname, email, site, extra

 

there are currently 4 records

 

 

2 files,

 

- http://pricelessapps.com/logintest/login.html - with a single text input box (username) and submit button.

 

- logintest.php - php and sql for checking if the username is in the database.

 

		<?php

		$con = mysql_connect("localhost","root","");
		if (!$con)
		  {
		  die('Could not connect: ' . mysql_error());
		  }
		mysql_select_db("users", $con);

		$username = "SELECT username FROM user WHERE username = ($_POST['username'])";

		if ($_POST['username'] != $username) {
		?>

		Wrong Username
		<p>
		<a href="login.html">Back To Login</a>.
		</p>

		<?php
		}
		else {
		?>

		Site Content
		<p>
		<a href="login.html">Back To Login</a>.
		</p>

		<?php
		} 
		?>

 

MYSQL Server Version: 5.5.20

18510_.zip

Link to comment
https://forums.phpfreaks.com/topic/263511-simple-query-please-help/
Share on other sites

Since you're just starting out, this is an excellent chance for someone like me to point out all the things you should be doing right. That way you don't have to relearn (and rewrite) things later when you discover you've been doing something wrong.

// root is the admin user for mysql. do not use it to connect to your database in your scripts
// create a restrictive user just for the things you need it to do. for example, "simpleuser"
$con = mysql_connect("localhost", "simpleuser", "simplepassword");
// to create this user, use whatever tool you have available (like phpMyAdmin or CPanel)
// you can create one using a query too. temporarily connect as root and run
//   GRANT SELECT,INSERT,UPDATE,DELETE ON users.* TO simpleuser@localhost IDENTIFIED BY 'simplepassword'
// - SELECT, INSERT, UPDATE, and DELETE are the operations you want to allow simpleuser to do
//   (as a simple user it shouldn't be able to alter tables or delete databases)
// - "users.*" means all the tables in the `users` database
// and be sure to change the username and password to something relevant

if (!$con) {
// do not reveal mysql errors. for now, just show a simple message
die("Could not connect to the database");
// later you can learn to log these errors someplace and show a better message
// (without having to kill the script to do so)
}

mysql_select_db("users", $con);

// if you ever use anything from $_GET or $_POST in a query, you need to make sure it's safe to use first
// for string values use mysql_real_escape_string() right when you put the string into the query
$query = "SELECT * FROM user WHERE username = '" . mysql_real_escape_string($_POST["username"]) . "'";
// there are other tools like PDO and mysqli which are "better" to use. when you understand how SQL works
// then you should use those, but I do recommend starting off with just the mysql_* functions so you
// learn about concepts like SQL injection

// now execute the query
$resultset = mysql_query($query, $con);
// and try to get a row
$user = mysql_fetch_array($resultset);

// if you were able to get a row then that must mean there's some user with username=$_POST[username]
if ($user) { ?>

Site Content


Back To Login.


} else { ?>

Wrong Username


Back To Login.



}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.