stevew Posted June 17, 2012 Share Posted June 17, 2012 I have the following script working as intended...just wondering how would I have a user enter their username/password versus injecting the info via $SQL = "INSERT INTO ? <?PHP $user_name = ""; $password = ""; $database = ""; $server = "127.0.0.1"; $db_handle = mysql_connect($server, $user_name, $password); $db_found = mysql_select_db($database, $db_handle); if ($db_found) { $SQL = "INSERT INTO tb_address_book (Username, Password) VALUES ('bill','billspassword')"; $SQL = "SELECT * FROM login_test"; $result = mysql_query($SQL); while ($db_field = mysql_fetch_assoc($result)) { print $db_field['ID'] . "<BR>"; print $db_field['Username'] . "<BR>"; print $db_field['Password'] . "<BR>"; } $result = mysql_query($SQL); mysql_close($db_handle); } else { print "Database NOT Found "; mysql_close($db_handle); } ?> This is the login part I am playing with. Obviously it needs to access the login_test table to confirm the user/passwords...currently it is just manually checking "itself" which is not feasible unless I am going to code in every user on the site. <?PHP if (isset($_POST['Submit1'])) { $username = $_POST['username']; $password = $_POST['password']; if ($username == "bill" && $password =="billspassword") { print ("Welcome back, friend!"); } else if ($username == "tom" && $password =="tomspassword") { print ("Welcome back, friend!"); } else { print ("You're not a member of this site"); } } else { $username =""; } ?> </head> <body> <Form name ="form1" Method ="POST" Action ="login_form.php"> <Input Type = "text" VALUE="<?PHP print $username ; ?>" Name ="username"> <Input Type = "text" VALUE="<?PHP print $password ; ?>" Name ="password"> <Input Type = "Submit" Name = "Submit1" Value = "Login"> </FORM> </body> </html> Quote Link to comment Share on other sites More sharing options...
Jakebert Posted June 17, 2012 Share Posted June 17, 2012 You can actually insert PHP variables into MySQL queries by placing single quotes around them like this: <?php $sql = mysql_query ("SELECT COUNT (*) FROM login_test WHERE username = '$username' AND password = '$password'"); $rows = mysql_fetch_array($sql);?> The code above will look through your table and see how many rows exist with the username and password entered. If the the number is one (i.e. the login was correct), then you can log them in: <?php if ($rows[0]) == 1) { print ("Welcome back, friend!"); } else { print("You aren't logged in!"); } ?> Hope that answers your question! Quote Link to comment Share on other sites More sharing options...
stevew Posted June 19, 2012 Author Share Posted June 19, 2012 Yes that was very helpful thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.