Jump to content

Archived

This topic is now archived and is closed to further replies.

Buyocat

MySQL Query Failure

Recommended Posts

Hi, I'm having the following problem that maybe one of you can help me with. When I query the database with PHP the result I get is FALSE. However when I go through SQLadmin it works. My code for works like this:

$query = "SELECT user_id, username, password, first_name, last_name, email, verify, number_decks, study_interests FROM users WHERE username = 'Buyocat' AND password = MD5 ('password')";
$result = @mysql_query ($query);
if (is_bool($result)) print "Boolean" // this prints
if ($result) {
while ($data = mysql_fetch_array($result, MYSQL_NUM)) print $data[0];
} // that doesn't print

As may be apparent this is a log in script. Insert scripts before this do work using the same machinery. If anyone has any idea what the problem might be I would really appreciate the help.

Share this post


Link to post
Share on other sites
Since you are debugging the code, remove the "@" which suppresses error messages and add an "or die" clause to see what the error is.
[code]<?php
$query = "SELECT user_id, username, password, first_name, last_name, email, verify, number_decks, study_interests FROM users WHERE username = 'Buyocat' AND password = MD5 ('password')";
$result = mysql_query ($query) or die('Problem with query: ' . $query . '<br />' . mysql_error());
if (is_bool($result)) print "Boolean" // this prints
if ($result) {
while ($data = mysql_fetch_array($result, MYSQL_NUM)) print $data[0];
} // that doesn't print
?>[/code]

Ken

Share this post


Link to post
Share on other sites
Thanks for the help ken here is what it says as the error, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('password')' at line 1". Now before this I had been printing out the Query string and copying it into the MySQL admin which would yield the correct result. MySQL admin still seems to find the query string ok, so I'm not totally sure how I can fix it...


Well I found the error; it was the space between MD5 and the first (. So the working code looks like:
... AND password = MD5('password')...
At any rate, I just read that MD5 is no longer a safe encryption type, so I'm going to drop it altogether for encode or something else.

Share this post


Link to post
Share on other sites
Using MD5 for encrypting passwords is just as safe as it always was. The only MD5 exploits involve creating two brand new strings that predictably have the same hash. It's still quite impossible to decrypt it.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.