87dave87 Posted May 12, 2007 Share Posted May 12, 2007 Hi, I am trying to create a very simple login page, where the user types their details into this form: - <form method="post" action="members.php" onsubmit="return dis(this)"> <div class="heading">Members Area</div> Username <input name="username" type="text" size="15"> Password <input name="password" type="password" size="15"> <input type="submit" value="Login"> </form> It then should match the results on members.php to those details entered, I want to then display information about the user from the database, see this query example: - <? $name_query = mysql_query("SELECT firstname FROM members WHERE username = '%".mysql_real_escape_string($_POST["username"])."%' and password = '%".mysql_real_escape_string($_POST["password"])."%'") or die( mysql_error() ); <p class="heading">Hello <? while ($name = mysql_fetch_row($name_query)) { foreach ($name as $field) echo "$field"; } ?> </p> ?> All that displays though is 'Hello' and not the first name, which should output: Hello John Quote Link to comment Share on other sites More sharing options...
Karl33to Posted May 12, 2007 Share Posted May 12, 2007 try removing the percentage signs from your query string, they're only used when doing a LIKE query also if you check for a result to the query before trying to loop through it you have a chance of displaying an error message. $result = mysql_query() if(!$result){ die("There was an error with your query"); } while ($name = mysql_fetch_row($name_query)) { foreach ($name as $field) echo "$field"; } etc ... Quote Link to comment Share on other sites More sharing options...
87dave87 Posted May 12, 2007 Author Share Posted May 12, 2007 hey that fixed it, thanks! What code would I need to use on that members page to say 'if username = username from the form and password = password from the form' then carry on, else 'user not found message'? Quote Link to comment Share on other sites More sharing options...
chronister Posted May 13, 2007 Share Posted May 13, 2007 You basically have that. If you return a firstname from the query then you have verified that the username and password match what was entered in the form. Why are you doing a foreach inside a while loop?? Is there a valid reason for looping inside a loop? $query="SELECT firstname FROM members WHERE username = mysql_real_escape_string($_POST["username"])' and password = 'mysql_real_escape_string($_POST["password"]); $result = mysql_query($query); if(!$result){ die("There was an error with your query"); } while ($name = mysql_fetch_object($query)) { echo 'Hello '. $name->firstname; }; Quote Link to comment Share on other sites More sharing options...
87dave87 Posted May 13, 2007 Author Share Posted May 13, 2007 Hi, I tried the above, this is my code: - <? $name_query = mysql_query("SELECT firstname FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"); $details_query = mysql_query("SELECT memberid, firstname, surname, DATE_FORMAT(joined, '%d %b %Y'), rentals FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"); $due_query = mysql_query("SELECT rentalsdue, DATE_FORMAT(rentalsduedate, '%d %b %Y') FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"); $result = mysql_query($name_query); ?> <p class="heading"> <? if(!$result){ echo "<script>window.location='index.php'</script>"; } while ($name = mysql_fetch_row($name_query)) { echo "Hello "; foreach ($name as $field) echo "$field"; } ?> It redirects even if the username/password is correct. Quote Link to comment Share on other sites More sharing options...
Karl33to Posted May 13, 2007 Share Posted May 13, 2007 the check that you are doing to see if the query ran properly is actually running a query against the result of the query that you ran earlier in your code. jeez thats a bad explanation.... i'll explain further...... your variable, $name_query is actually storing the result of the query rather than the sql code itself, so when you are trying to run the query with $result = mysql_query($name_query); you are actually trying to query the result of a query you have already run simple fix is... where you have $name_query = mysql_query("SELECT firstname FROM members WHERE username = replace with $name_query = "SELECT firstname FROM members WHERE username = ..............." and double check whether you actually need to run the other $details_query and $due_query queries where they are Quote Link to comment Share on other sites More sharing options...
87dave87 Posted May 13, 2007 Author Share Posted May 13, 2007 it works fine without, if I add that it shows an error. Quote Link to comment Share on other sites More sharing options...
Karl33to Posted May 13, 2007 Share Posted May 13, 2007 i'm guessing that the error is now something to do with trying to fetch a row from the sql string rather than from a result, in which case you will also need to rename this bit from while ($name = mysql_fetch_row($name_query)) to while ($name = mysql_fetch_row($result)) Quote Link to comment Share on other sites More sharing options...
87dave87 Posted May 13, 2007 Author Share Posted May 13, 2007 this is what I now have then: - <? $name_query = "SELECT firstname FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"; $details_query = mysql_query("SELECT memberid, firstname, surname, DATE_FORMAT(joined, '%d %b %Y'), rentals FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"); $due_query = mysql_query("SELECT rentalsdue, DATE_FORMAT(rentalsduedate, '%d %b %Y') FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"); $result = mysql_query($name_query); ?> <p class="heading"> <? if(!$result){ echo "<script>window.location='index.php'</script>"; } while ($name = mysql_fetch_row($result)) { echo "Hello "; foreach ($name as $field) echo "$field"; } ?> It logs in, but the redirect isnt working now ??? Quote Link to comment Share on other sites More sharing options...
87dave87 Posted May 14, 2007 Author Share Posted May 14, 2007 any help would be appreciated Quote Link to comment Share on other sites More sharing options...
chronister Posted May 14, 2007 Share Posted May 14, 2007 <?php $name_query = "SELECT firstname FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"; $details_query = mysql_query("SELECT memberid, firstname, surname, DATE_FORMAT(joined, '%d %b %Y'), rentals FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"); $due_query = mysql_query("SELECT rentalsdue, DATE_FORMAT(rentalsduedate, '%d %b %Y') FROM members WHERE username = '".mysql_real_escape_string($_POST["username"])."' and password = '".mysql_real_escape_string($_POST["password"])."'"); $result = mysql_query($name_query); if(mysql_num_rows > 0) // This says if any results are returned .... { while($row=mysql_fetch_object($result)) // while there are results to display { echo '<p class="heading"> Hello,'. $row->firstname; // echo Hello "FIRST NAME" } } else // else there were no results returned { echo "<script>window.location='index.php'</script>"; // so echo the redirect statement } ?> Try that, I restructured the code a little. Nate Quote Link to comment Share on other sites More sharing options...
87dave87 Posted May 15, 2007 Author Share Posted May 15, 2007 I tried the above code, if the user/pass is wrong it redirects, BUT it still redirects if the user/pass is right. See: http://www.buttonbash.com/vortexvideos/index.php type anything in the login box to see what happens with the wrong user/pass. Quote Link to comment Share on other sites More sharing options...
chronister Posted May 15, 2007 Share Posted May 15, 2007 I noticed an error in my code. I forgot to make the mysql_num_rows in to a function e.g. mysql_num_rows(). Take a look at your code. If you have it as mysql_num_rows vs. mysql_num_rows($result), then it will return an error. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.