franknu Posted July 23, 2007 Share Posted July 23, 2007 Ok, i want to create a control panel for some users to insert or update news my problem is that it it saying that there is no user with the password and user name that i am inserting but there is a user that match that criteria here is my code $conn = mysql_connect($host, $username, $password) or die ('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes ($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); } if (mysql_num_rows > 0) { $row = mysql_fetch_assoc($result); $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } echo"$query"; ?> Quote Link to comment Share on other sites More sharing options...
franknu Posted July 23, 2007 Author Share Posted July 23, 2007 ok with this code it does all the opposite it goes in without verifying the user and password if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); } if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } echo"$query"; ?> Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted July 23, 2007 Share Posted July 23, 2007 On this line: if (mysql_num_rows > 0) { You didn't tell it which query to use with the mysql_num_rows. Try this code: <?php $conn = mysql_connect($host, $username, $password) or die('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); if (isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); if (mysql_num_rows($query) > 0) { $row = mysql_fetch_assoc($result); $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } ?> Quote Link to comment Share on other sites More sharing options...
franknu Posted July 23, 2007 Author Share Posted July 23, 2007 it is not doing the user identification. Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 23, 2007 Share Posted July 23, 2007 <?php $conn = mysql_connect($host, $username, $password) or die('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); if (isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); if (mysql_num_rows($query) > 0) { while($row = mysql_fetch_assoc($result)){ $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } } ?> Quote Link to comment Share on other sites More sharing options...
franknu Posted July 23, 2007 Author Share Posted July 23, 2007 i am gettin this on the line where there is a else Parse error: syntax error, unexpected T_ELSE in Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 23, 2007 Share Posted July 23, 2007 add another } to the end ok. Quote Link to comment Share on other sites More sharing options...
trq Posted July 23, 2007 Share Posted July 23, 2007 The lines... $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); should be.... $user = addslashes($_POST['user']); $password= addslashes($_POST['password']); Quote Link to comment Share on other sites More sharing options...
franknu Posted July 23, 2007 Author Share Posted July 23, 2007 well, it is just going through without doing user identification here is my code <? $host = "localhost"; $username = "d"; $password = "asas"; $database = "asdasd"; $conn = mysql_connect($host, $username, $password) or die('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['user']); $password= addslashes($_POST['password']); if (isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); if (mysql_num_rows($query) > 0) { while($row = mysql_fetch_assoc($result)) { $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } ?> Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 23, 2007 Share Posted July 23, 2007 try this ok. editted ok <?php $host = "localhost"; $username = "d"; $password = "asas"; $database = "asdasd"; $conn = mysql_connect($host, $username, $password) or die('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['picture']); $user = addslashes($_POST['user']); $password= addslashes($_POST['password']); if (isset($_POST['user']) && isset($_POST['password']) ) { $query = "SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"; $result=mysql_query($query)or die("mysql_error()"); if (mysql_num_rows($result) > 0) { while($row = mysql_fetch_assoc($result)){ $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } }else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } ?> Quote Link to comment Share on other sites More sharing options...
franknu Posted July 23, 2007 Author Share Posted July 23, 2007 samething, it goes through without identification, it doesnt seem to be checking on anything or the logic is wrong but i done this many time never has this problem before Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 23, 2007 Share Posted July 23, 2007 chage this to or if (isset($_POST['user']) || isset($_POST['password']) ) { Quote Link to comment Share on other sites More sharing options...
franknu Posted July 24, 2007 Author Share Posted July 24, 2007 well now i am getting this even thought i have a user name and password that match username and/or password not found. Try again? Quote Link to comment Share on other sites More sharing options...
AndyB Posted July 24, 2007 Share Posted July 24, 2007 either your logic is mangled or what the database contains isn't what you think it contains. Checking the latter is faster than checking the former. Quote Link to comment Share on other sites More sharing options...
franknu Posted July 24, 2007 Author Share Posted July 24, 2007 ok the database contain the user name and password that i am keyed in but i am getting the wrong password message username and/or password not found. Try again? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.