Jump to content

[SOLVED] PHP and MySql Select * FROM where help

zpearldrummerz

By zpearldrummerz
in PHP Coding Help

 Share

Recommended Posts

zpearldrummerz Newbie

zpearldrummerz

Posted
Posted

I'm working on a simple login script. i have a mysql db named BandSpace with the table admin to hold the admin username and passwords. the problem i'm having is when i try and use a variable $User in the where clause, it comes up as unknowm column 'username' in where clause.

<?PHP
mysql_connect("localhost","BandSpace","ra2001") or die(mysql_error());
mysql_select_db("BandSpace") or die(mysql_error());
$User = $_POST['UserName'];
$Pass = $_POST['PassWord'];
$Pass = md5($Pass);
$result = mysql_query("SELECT * FROM admin WHERE UserName='$User' ") or die(mysql_error());  
$row = mysql_fetch_array( $result );
$iUsername = $row['UserName'];
$iPassWord = $row['PassWord'];
if($iUsername == $User) {
	if($iPassWord == $Pass){
		header('Location: Admin.php');
	}
} else {
	header('Location: no.php');
           }
?>

 

Thats what i have right now, that isn't coming up with the unknown column though. I just get a completey blank page, like you would get if you forget a ";" or the " and ' are conflicting ect. anyone know what the problem could be. everything works fine if i put in the actuall user name like 

("SELECT * FROM admin WHERE UserName='username'");

gazalec Member

gazalec

Posted
Posted

The problem is spelling and capitalization, in your code you have 'UserName' but that is different from USERNAME and username or UsErNaMe so check your database for the column name.

 

sorry didn't read the full post,

 

the problem with the variables is you have to stopn the html string to put in a php variable

 

instead of 

$result = mysql_query("SELECT * FROM admin WHERE UserName='$User' ") or die(mysql_error());

 

try 

$result = mysql_query("SELECT * FROM admin WHERE UserName='".$User."' ") or die(mysql_error());

 

you have to concatinate your strings and variables

gazalec Member

gazalec

Posted
Posted

try what i posted before, notice the first is yours and $User is in red, PHP is treating it like HTML which you dont want to happen and notice in the one below it is in blue, so PHP is treating it as a PHP variable and that is what you want

 

Just post back if you get an errors

zpearldrummerz Newbie

zpearldrummerz

Posted
  • Author
Posted

thanks for the help, i'll fix what you said, but another thing i thing my problem is withing my database, i had the password field limited to characted, and i needed it to use the md5 format, which i'm just figureing out uses more that 16 characters to encrpyt a 6 letter password

suttercain Advanced Member

suttercain

Posted
Posted

Hello,

 

I would not post this:

mysql_connect("localhost","BandSpace","ra2001") or die(mysql_error());
mysql_select_db("BandSpace") or die(mysql_error());

 

in a public forum someone might try and hack you.  Should use this when posting in a forum for security reasons:

mysql_connect("localhost","user","password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

 

Just a friendly tip. :)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.