PHP Login Help Please

[avh13]

Hi,

 

I am new to php and I am having trouble with a php login code for website I am making. I am getting a response saying "notice undefined variable row"

 

this is what I have thus far: How would I define that row? 

<?php

 

$db_usr= $_POST["userid"];

$db_pswd= $_POST["password"];

$con=mysql_connect("localhost",$db_user,$db_pass, $db_name);

if(! $con)

{

        die('Connection Failed'.mysql_error());

}

mysql_select_db("*****",$con);

$sql=mysql_query("SELECT * FROM users WHERE userid='name' and password='password'");

$result=mysql_query($sql);

{

    if($row["userid"]==$db_usr && $row["password"]==$db_pswd)

        echo "Welcome Back  $db_usr "; 

    else

        echo "Sorry  $db_usr";

}

?>

[Love2c0de]

This logic seems really off key to me.

 

So, the values $_POST["userid"] and $_POST["password"] come from the form yes? Are they values which the user enters?

 

With your mysql_connect() function, it takes only 3 parameter, but but you have specified 4 making me think you have got mixed up the with mysqli_ connect() extension which takes 4 - (host,user,password,db).

 

mysql_connect() takes 3 - host, user, pass.

 

You then connect to the database using mysql_select_db() - accepting 2 parameters the database name/variable and the link/connection variable.

 

Having said that, you should really be using the mysqli_ extension as mysql standard declaration has been deprecated as of 5.5.0.

 

Kind regards,

 

L2c.

[avh13]

Thank you for your response! Yes those are  the values the user will put in

[DaveyK]

The $row variable you are using isn't set anywhere. After result you should do something like $row = mysql_fetch_assoc($result);

 

Also, put code in code brackets, identified by the "<>" icon.

[Love2c0de]

Try changing your code to this and see if it helps you:

 
$db_usr= $_POST["userid"];
$db_pswd= $_POST["password"];
$con=mysql_connect("localhost",$db_user,$db_pass, $db_name);
if(! $con)
{
        die('Connection Failed'.mysql_error());
}
mysql_select_db("*****",$con);
$sql=mysql_query("SELECT * FROM users WHERE userid={$db_usr} and password={$db_pswd}");
 
$rows = mysql_num_rows($sql);
 
if($rows == 1)
{
     echo "Welcome back, ".$db_usr;
}
else
{
    echo "You did not enter a correct username/password.";
}
 

You would also set a session if you are looking to create a user login system. Sessions retain their value when navigating through different pages on your website. A standard variable will not work as once the script ends, the standard variables' value is lost.

 

Regards,

 

L2c.

Edited May 7, 2013 by Love2c0de

[DaveyK]

Try changing your code to this and see if it helps you:

 
$db_usr= $_POST["userid"];
$db_pswd= $_POST["password"];
$con=mysql_connect("localhost",$db_user,$db_pass, $db_name);
if(! $con)
{
        die('Connection Failed'.mysql_error());
}
mysql_select_db("*****",$con);
$sql=mysql_query("SELECT * FROM users WHERE userid={$db_usr} and password={$db_pswd}");
 
$rows = mysql_num_rows($sql);
 
if($rows == 1)
{
     echo "Welcome back, ".$db_usr;
}
else
{
    echo "You did not enter a correct username/password.";
}
 

You would also set a session if you are looking to create a user login system. Sessions retain their value when navigating through different pages on your website. A standard variable will not work as once the script ends, the standard variables' value is lost.

 

Regards,

 

L2c.

 

This code would only work if every single user who signed up with the site actually has a PMA accoutn as well...

 

More seriously, think SQL INJECTION. This is not the way to prevent it.

[Love2c0de]

More seriously, think SQL INJECTION. This is not the way to prevent it.

 

Of course, had the topic continued I would told him about the dangers of putting data straight into a query but he didn't seem to reply so never got the chance.

 

I believe he could be back when he has some unexpected results

 

Regards,

 

L2c.