Jump to content


Photo

MySQL Query Failure


  • Please log in to reply
3 replies to this topic

#1 Buyocat

Buyocat
  • Members
  • PipPipPip
  • Advanced Member
  • 267 posts

Posted 27 February 2006 - 07:31 PM

Hi, I'm having the following problem that maybe one of you can help me with. When I query the database with PHP the result I get is FALSE. However when I go through SQLadmin it works. My code for works like this:

$query = "SELECT user_id, username, password, first_name, last_name, email, verify, number_decks, study_interests FROM users WHERE username = 'Buyocat' AND password = MD5 ('password')";
$result = @mysql_query ($query);
if (is_bool($result)) print "Boolean" // this prints
if ($result) {
while ($data = mysql_fetch_array($result, MYSQL_NUM)) print $data[0];
} // that doesn't print

As may be apparent this is a log in script. Insert scripts before this do work using the same machinery. If anyone has any idea what the problem might be I would really appreciate the help.
Looking for some easy-to-use tools?  Try these, https://sourceforge....jects/utils-php -- I made them myself.  They're distinct tools which are easy to understand and use.  See some examples uses at http://www.anotherearlymorning.com

#2 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 27 February 2006 - 07:57 PM

Since you are debugging the code, remove the "@" which suppresses error messages and add an "or die" clause to see what the error is.
<?php
$query = "SELECT user_id, username, password, first_name, last_name, email, verify, number_decks, study_interests FROM users WHERE username = 'Buyocat' AND password = MD5 ('password')";
$result = mysql_query ($query) or die('Problem with query: ' . $query . '<br />' . mysql_error());
if (is_bool($result)) print "Boolean" // this prints
if ($result) {
while ($data = mysql_fetch_array($result, MYSQL_NUM)) print $data[0];
} // that doesn't print
?>

Ken

#3 Buyocat

Buyocat
  • Members
  • PipPipPip
  • Advanced Member
  • 267 posts

Posted 27 February 2006 - 09:30 PM

Thanks for the help ken here is what it says as the error, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('password')' at line 1". Now before this I had been printing out the Query string and copying it into the MySQL admin which would yield the correct result. MySQL admin still seems to find the query string ok, so I'm not totally sure how I can fix it...


Well I found the error; it was the space between MD5 and the first (. So the working code looks like:
... AND password = MD5('password')...
At any rate, I just read that MD5 is no longer a safe encryption type, so I'm going to drop it altogether for encode or something else.
Looking for some easy-to-use tools?  Try these, https://sourceforge....jects/utils-php -- I made them myself.  They're distinct tools which are easy to understand and use.  See some examples uses at http://www.anotherearlymorning.com

#4 wickning1

wickning1
  • Members
  • PipPipPip
  • Advanced Member
  • 405 posts

Posted 27 February 2006 - 11:10 PM

Using MD5 for encrypting passwords is just as safe as it always was. The only MD5 exploits involve creating two brand new strings that predictably have the same hash. It's still quite impossible to decrypt it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users