[SOLVED] Help with login script

[tigomark]

Hello,

 

I am having a problem with a login script not responding how I would hope

 

 
<?php 

session_start(); 


if (isset($_POST['username']) && isset($_POST['password'])){ 
  
  
$username = $_POST['username']; 
$password = $_POST['password']; 


include ("../includes/prefs.php"); 

$db_name = "weekends"; 

$table_name = "users"; 

$connection = @mysql_connect("$host", "$root", "$password") or die("Couldn't connect."); 

$db = @mysql_select_db($db_name, $connection) or die("Couldn't select database."); 

$sql = "SELECT * FROM $table_name 
WHERE username = \"$username\" AND password = \"$password\" 
"; 

$result = @mysql_query($sql, $connection) or die("Couldn't execute query."); 




                        if (mysql_num_rows($result) > 0){ 

                //looks for registered users 
                                $_SESSION['valid_user'] = $username; 
                                        } 
                
                
                } 

?> 

 

Right now if I add the information

 

  

$num_rows = mysql_num_rows($result); 

                echo "$num_rows"; 

 

I get a result of 0 even though I have verified that username and password are correct. I have done a query straight to My_SQL and I do recieve the data I am looking for.

 

Thank you in advance for any help.

[king arthur]

You may need to put backticks around the username and password column names, as they are reserved words in MySQL.

$sql = "SELECT * FROM $table_name 
WHERE `username` = \"$username\" AND `password` = \"$password\" 
";

[Barnacles]

try single quote instead of double quote

 

Your code:

$sql = "SELECT * FROM $table_name

WHERE username = \"$username\" AND password = \"$password\"

";

 

Updated:

$sql = "SELECT * FROM $table_name

WHERE username = '$username' AND password = '$password'

";

 

 

Try this one. I think it may be ok.

[tigomark]

Thank your for your suggestions. I had used the varible $password for both the connection and the query.