PHP select from database and compare result Problem

[IlaminiAyebatonyeDagogo]

My Boss Good day and Good day evry1 in here happy Sunday. i have a php script dat is suposse to register users into a database. bt 1st i want it to chk d user password with a pin code in the data base and the user password and if my db pin match den we add the user details to the database else we echo an error bt i dnt seem to b getting it. please help me dis d php script:

 $connect=mysql_connect("$host","$user","$password")
  or die("Bross why na, change the localhost to example site.com without www. ");
  $select=mysql_select_db("$db_name")
  or die("dagogo change the db");
  
  //collection data from registration form and processing encrypting it
  $first_name=($_POST["First_Name"]);//user 1st name
  $last_name=($_POST["Last_Name"]);//user last name
 $username=($_POST["UserName"]);//user special User name
 $phone=($_POST["Phone"]);//user phone number
 $email=($_POST["email"]);//user email address
 $password=($_POST["password"]);//user password
 
     //checking the pin with pin in the database
 
 $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'");
 $numrows=mysql_num_rows($query);
 if($numrows!=0)
 {
 while($row =mysql_fetch_assoc($query))
 {
 
 $dbpassword=$row['pin'];
 
 }
 if($password==$dbpassword)
 {
 
 
 //inserting the form details into the database.
 mysql_query("INSERT INTO users(first_name,last_name,username,phone,email,password)VALUES('$first_name','$last_name','$username','$phone','$email','$password')")or die ("Registration failed");
 }
}
 else
 {
 echo"dagogo";
 }
 

its echos d error dagogo even wen i put in the right pin please help

 

PARAMETERS $row['pin']  is d field in d database table ie pin

[Ch0cu3r]

Is the pin code the same as the users password?

 $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'");

The above query will select records where the pin matches $password

[IlaminiAyebatonyeDagogo]

yes it is dey are suppose 2 pay 4 pin code and use as dere password wen registring

[Ch0cu3r]

Sorry, please post in full English not text speak.

 

 

yes it is dey are suppose 2 pay 4 pin code and use as dere password wen registring

I don't understand that.

 

please give examples.

[IlaminiAyebatonyeDagogo]

ohh am sorry you ask if:

 

Is the pin code the same as the users password?

I answered Yes.

Reason been that they will buy the pin code from web master and use then use it as their password when registering on the site and the pin code will be inserted into the database. so when the user buy a database inserted pincode he use it as it password and then register with it. so he will be allowed bcos d pin code is in the database

[Ch0cu3r]

You're getting the dagogo message because the following query is not returning any results where the pin matches the entered pass code ($password).

 $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'");

How are you storing the pin codes in the pin_code table? Can you provide an example of what your pin codes look like.

[IlaminiAyebatonyeDagogo]

You're getting the dagogo message because the following query is not returning any results where the pin matches the entered pass code ($password).

 $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'");

How are you storing the pin codes in the pin_code table? Can you provide an example of what your pin codes look like.

pin is name of field in the pin_code and then add a dumie data say 1234dagogo now wen am registring i would use 1234dagogo as d password and on my database pin_code is the table which u know and pin is the name of the field

[Barand]

Your code searches for rows where pin = password then goes on to check if the pin in found rows is equal to the password. Waste if time - if it finds them they must be equal.

[IlaminiAyebatonyeDagogo]

what is wrong it i knw dat is wot it dos

[alpine]

You are overcomplicating things, something like this

 <?php

$query = mysql_query("SELECT * FROM pin_code WHERE pin = '".htmlspecialchars($password, ENT_QUOTES)."'");

 if(mysql_num_rows($query) == '1'){
   // Pin found - create user with kung-fu query
 }
 else{
   echo 'Pin not found';
 }

?>

[IlaminiAyebatonyeDagogo]

THANKS 1st man to paste a Script Thanks a lot am greatful

[IlaminiAyebatonyeDagogo]

same tin nt working

alpine thanks again bt it didnt wok

[alpine]

You need to debug your submitted formdata as you encounter problems,

and make sure the pin actually exists in database AND that it isnt encrypted in any way.

If its stored encrypted, you need to encrypt the posted password in order to match them!

Also, this example looks for ONE record of that exact pin code, if its stored several pins with the same value in db, this query will fail !!

 <?php

$query = mysql_query("SELECT * FROM pin_code WHERE pin = '".htmlspecialchars($password, ENT_QUOTES)."'");

 if(mysql_num_rows($query) == '1'){
   // Pin found - create user with kung-fu query
 }
 else{
   echo '<p>Pin not found</p>';
   echo '<p>Posted Pin: '.$password.'</p>; // <--- is this displayed value the exact value stored in db ????
 }

?>

[IlaminiAyebatonyeDagogo]

ooooookkkk u r tooo goood my master i encrypt my form pass and the database pin is not i think dat z d cos i av applied ur method and it work

[IlaminiAyebatonyeDagogo]

now i av hash only my insert into database and unhash my compare with pin alpine u r a pure genius

[IlaminiAyebatonyeDagogo]

Alpine i love you am very greatful you dnt knw what you have done for me am very happy. thank we have you in this forum