i have a problem somebody help

[craige]

in this code there is an invalid mysql on line 54 and 55 can anyone help

<?php

session_start();

include_once"includes/db_connect.php";

if (strip_tags($_GET['logout']) == "yes")
if (strip_tags($_GET['login']) == "yes"){

session_destroy();

}elseif (isset($_SESSION['username'])){

header("Location: logged_in.php");

exit();

}







if ($_POST['Submit'] && strip_tags($_POST['username']) && strip_tags($_POST['password'])){

$username = addslashes(strip_tags($_POST['username']));

$password = addslashes(strip_tags($_POST['password']));



$ip = $REMOTE_ADDR;









///check INFO



$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1");





$login_check = mysql_num_rows($sql);

$inf = mysql_fetch_object($sql);

if ($login_check == "0"){

$message="You could not be logged in";

}elseif ($login_check != "0"){









if ($login_check > "0"){

if ($inf->status == "Dead"){

include_once"dead.php";

exit();



}

if ($inf->status == "Banned"){

$encoded=md5(strtolower($username));

header("Location: banned.php?banned=$username&encoded=$encoded");

exit();



}



        session_register('username');

        $_SESSION['username'] = $inf->username;











mysql_query("UPDATE users SET l_ip='$ip' WHERE username='$username'");







        header("Location: logged_in.php");



} else {

    $message= "Incorrect Username or Password<br />";



}}}

?> 



<link href="main.css" rel="stylesheet" type="text/css">

<html>

<style type="text/css">

<!--

.style4 {font-size: 12px}

.style7 {font-size: xx-large}

-->

</style>

<head>

<title>Thugs True Life | Please Login</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body bgcolor="#555555" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<div align="center">



  <form name="form1" method="post" action="">

    <br>

    <img src="banner1.jpg"><br>

<center><tr> 

    <td> </td>

  </tr>

</center>

    <br>

    <table width="400" border="1" cellspacing="0" bordercolor="#000000" bgcolor="#666666">







<tr>

<td><a href="register.php"><img src="game images/images/Login_02.gif" width="219" height="70" border="0"></a><a href="lost.php"><img src="game images/images/Login_03.gif" width="198" height="70" border="0"></a><a href="story.php"><img src="game images/images/Login_04.gif" width="203" height="70" border="0"></a><a href="faq.php"><img src="game images/images/Login_05.gif" width="214" height="70" border="0"></a></td>

</tr>

      <tr>

        <td align="center" valign="top" bgcolor="#999999"><p class="style4"><br />









            <font color=darkred size=5><b><center></center><b></font><br />

            <br />





            <img src="game images/username.jpg" width="150" height="25" alt="UserName">

            <input name="username" type="text" id="username" value="" size="30" maxlength="40" />

                <br />

            <br />

            <img src="game images/Password.jpg" width="150" height="25" alt="Password">

            <input name="password" type="password" id="password2" value="" size="30" maxlength="40" />

            <br />

            <br />

            <input type="submit" name="Submit" value="Login" />

            </p>



          <table width="136" border="1" align="center" cellpadding="2" cellspacing="0" bordercolor=black class="thinline">

            <tr>

              <td height="27" background="includes/grad.jpg"><center>

                Total Online

              </center></td>

            </tr>

            <tr>

              <td height="41" bgcolor="666666"><div align="center"><font color="#ffffff"><?php echo "$num"; ?></font> </div></td>

            </tr>

          </table>

          <p class="style4"><br />

          </p></td>

      </tr>

  <tr>

    <th height="23" scope="row" bgcolor="#666666"><p> </p></th>

  </tr>

    <tr>

    <th height="22" scope="row" bgcolor="#666666"><p><center>

    </p></th>

  </tr>

    </table>

  </form>

  <!-- End ImageReady Slices -->

</div>

</body>

</html>

 

EDITED BY WILDTEEN88: Please use code tags (

) when posting code

[Fadion]

First use [ code ] [ /code ] tags so the functions and strings get colored. Second theres no need of posting the entire code. Just post 4-5 lines in the part ure getting the error, in this case lines 54-55.

[macinslaw]

I tried to count the lines in your code and got to around where your sql call is to check the user and password.  I have never seen anyone combine the query with the execution command before.  Just for kicks, (if my count is accurate), I would seperate the following command:

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1");

To:

$sql = "SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1";
$r=mysql_query($sql);
if (!$r) {
echo "Unable to query data."
session_destroy();
exit;
}

 

I hope I have helped some.

 

-Mac

[Fadion]

I have never seen anyone combine the query with the execution command before.

 

With that u mean u never saw someone writing the string query inside mysql_query()? But just saw it written as $sql="SELECT..."; mysql_query($sql)??? If my assumption is right then u probably havent seen too much, as its a very common coding method.

 

U could use:

 

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1") or die(mysql_error());

 

so u know whats happening. To me the query looks alright but u may have problems in the connection.

[TheFilmGod]

Although your query shouldn't have any problems, I do have to question the use of " * ". You can easily go around this. Selecting the whole table in mysql is a huge no no. You can just tell mysql to select username from users instead of using the where clause. - I would recommend it.