2nd opinion

[georegjlee]

Can anyone see soomething wrong with this php code. I am not getting any result from the database and can't understand why. Any help appreciated. Thanks

<?php
if ((!$_POST[username]) || (!$_POST[userpassword])) {
header ("Location: index.html");
exit;
}
$username = $_POST['username'];
$userpassword = $_POST['userpassword'];
//connection to the database
$dbhandle = mysql_connect("localhost", "root", "")
  or die("Couldn't connect to SQL Server on $myServer");

//select a database to work with
$selected = mysql_select_db("waterways", $dbhandle)
  or die("Couldn't open database myDB");
  
$query = "Select * From members Where members.member_id = '$username' AND members.member_pass = password('$userpassword')";

//execute the SQL query and return records
$result = mysql_query($query);

while ($row = mysql_fetch_array($result)) {
print_r ("$row");
}

$num = mysql_num_rows ($result);
//$un = $_POST[username]

//if ($num != 0) {
//	$msg = "<p>Cogratulations your now loged in.</p>";
//} else {
//	header("Location: index.htm");
//	exit;
//}
mysql_close($dbhandle);
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php 
print ($num); 
print ($username);
print ($userpassword);
?>
</body>
</html>

[Lumio]

Maybe because of

<?php
if ((!$_POST[username]) || (!$_POST[userpassword])) {
header ("Location: index.html");
exit;
}
?>

[georegjlee]

It dosn't go into that when I run it unless I leave a field blank. $num is allways 0 even if there is a I enter something that is in the database. I think the problm may be the SQL statement.

[shaunrigby]

while ($row = mysql_fetch_array($result)) {
print_r ("$row");
}

 

This may be your problem, try

while ($row = mysql_fetch_array($result)) {
print $row['member_id'];
}

[shaunrigby]

Select * FROM `members` WHERE `member_id` = '$username' AND `member_pass` = '$userpassword'

 

Why did you have $userpassword wrapped in a password function?

 

is this a custom function that encryts the password?

 

If so, try hashing the password before passing it to SQL,

eg

 

$userpassword = sha1($userpassword);

[georegjlee]

No it's not that. Its not even getting into that while loopbecause there are no result from the SQL query.

[trq]

You really need to wrap queries in some error handling or they will generate errors.

[code=php:0]
<?php

  $sql = "SELECT * FROM members WHERE member_id = '$username' AND member_pass = password('$userpassword')";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      while($row = mysql_fetach_assoc($result)) {
        print_r($row);
      }
    } else {
      echo "No rows found";
    }
  } else {
    echo "Query failed $sql<br />".mysql_error();
  }

?>

 

Also note that mysql's password function is not intended for use in client code. It is an internal function. Using it prevents (or makes very difficult) your database from being upgraded.

   

[shaunrigby]

Try changing your SQL statement to that above...

[per1os]

$query = "Select * From members Where members.member_id = '$username' AND members.member_pass = password('$userpassword')";

//execute the SQL query and return records
$result = mysql_query($query) or DIE(mysql_error());

 

Does an error come up?

[georegjlee]

I think it was the password funstion that was causing the trouble. Thanks. Seems to be working now.