cluce Posted May 2, 2007 Share Posted May 2, 2007 here is the code I am using but it will not echo their name. Does anybody have any suggestions on how to do this correctly? <?php $sql = "SELECT f_name, l_name FROM auth_users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')"; ?> <?php echo "Welcome", $sql; ?> Quote Link to comment Share on other sites More sharing options...
monk.e.boy Posted May 2, 2007 Share Posted May 2, 2007 Please read this for your site safety: http://en.wikipedia.org/wiki/Sql_injection Are you passing this SQL string to the database and looking at the results? <?php $sql = "SELECT f_name, l_name FROM auth_users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')"; $query = mysql_query( $sql, $connection ); if( $row = mysql_fetch_array( $query ) ) { echo 'Welcome '. $row['f_name'] .' '. $row['l_name']; } ?> monk.e.boy Quote Link to comment Share on other sites More sharing options...
trq Posted May 2, 2007 Share Posted May 2, 2007 You really ought to do some tutorials on fetching data from a database. Your code does nothing but sets a string to a variable. <?php <?php $sql = "SELECT f_name, l_name FROM auth_users WHERE username = '{$_POST["username"]}' AND password = '{$_POST["password"]}'"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); echo "Welcome {$row['f_name']} {$row['l_name']}<br />"; } else { echo "No user found"; } } else { echo "Query failed<br />$sql<br />" . mysql_error(); } ?> PS: I removed the use of the PASSWORD function form your query as it should NOT be used to store passwords. It is an internal mysql function, not intended for use. Quote Link to comment Share on other sites More sharing options...
cluce Posted May 2, 2007 Author Share Posted May 2, 2007 Thanks. I plan on getting a book. Quote Link to comment Share on other sites More sharing options...
trq Posted May 2, 2007 Share Posted May 2, 2007 Theres a free online book in my signiture. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.