craige Posted September 24, 2007 Share Posted September 24, 2007 in this code there is an invalid mysql on line 54 and 55 can anyone help <?php session_start(); include_once"includes/db_connect.php"; if (strip_tags($_GET['logout']) == "yes") if (strip_tags($_GET['login']) == "yes"){ session_destroy(); }elseif (isset($_SESSION['username'])){ header("Location: logged_in.php"); exit(); } if ($_POST['Submit'] && strip_tags($_POST['username']) && strip_tags($_POST['password'])){ $username = addslashes(strip_tags($_POST['username'])); $password = addslashes(strip_tags($_POST['password'])); $ip = $REMOTE_ADDR; ///check INFO $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1"); $login_check = mysql_num_rows($sql); $inf = mysql_fetch_object($sql); if ($login_check == "0"){ $message="You could not be logged in"; }elseif ($login_check != "0"){ if ($login_check > "0"){ if ($inf->status == "Dead"){ include_once"dead.php"; exit(); } if ($inf->status == "Banned"){ $encoded=md5(strtolower($username)); header("Location: banned.php?banned=$username&encoded=$encoded"); exit(); } session_register('username'); $_SESSION['username'] = $inf->username; mysql_query("UPDATE users SET l_ip='$ip' WHERE username='$username'"); header("Location: logged_in.php"); } else { $message= "Incorrect Username or Password<br />"; }}} ?> <link href="main.css" rel="stylesheet" type="text/css"> <html> <style type="text/css"> <!-- .style4 {font-size: 12px} .style7 {font-size: xx-large} --> </style> <head> <title>Thugs True Life | Please Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#555555" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <div align="center"> <form name="form1" method="post" action=""> <br> <img src="banner1.jpg"><br> <center><tr> <td> </td> </tr> </center> <br> <table width="400" border="1" cellspacing="0" bordercolor="#000000" bgcolor="#666666"> <tr> <td><a href="register.php"><img src="game images/images/Login_02.gif" width="219" height="70" border="0"></a><a href="lost.php"><img src="game images/images/Login_03.gif" width="198" height="70" border="0"></a><a href="story.php"><img src="game images/images/Login_04.gif" width="203" height="70" border="0"></a><a href="faq.php"><img src="game images/images/Login_05.gif" width="214" height="70" border="0"></a></td> </tr> <tr> <td align="center" valign="top" bgcolor="#999999"><p class="style4"><br /> <font color=darkred size=5><b><center></center><b></font><br /> <br /> <img src="game images/username.jpg" width="150" height="25" alt="UserName"> <input name="username" type="text" id="username" value="" size="30" maxlength="40" /> <br /> <br /> <img src="game images/Password.jpg" width="150" height="25" alt="Password"> <input name="password" type="password" id="password2" value="" size="30" maxlength="40" /> <br /> <br /> <input type="submit" name="Submit" value="Login" /> </p> <table width="136" border="1" align="center" cellpadding="2" cellspacing="0" bordercolor=black class="thinline"> <tr> <td height="27" background="includes/grad.jpg"><center> Total Online </center></td> </tr> <tr> <td height="41" bgcolor="666666"><div align="center"><font color="#ffffff"><?php echo "$num"; ?></font> </div></td> </tr> </table> <p class="style4"><br /> </p></td> </tr> <tr> <th height="23" scope="row" bgcolor="#666666"><p> </p></th> </tr> <tr> <th height="22" scope="row" bgcolor="#666666"><p><center> </p></th> </tr> </table> </form> <!-- End ImageReady Slices --> </div> </body> </html> EDITED BY WILDTEEN88: Please use code tags ( ) when posting code Quote Link to comment Share on other sites More sharing options...
Fadion Posted September 24, 2007 Share Posted September 24, 2007 First use [ code ] [ /code ] tags so the functions and strings get colored. Second theres no need of posting the entire code. Just post 4-5 lines in the part ure getting the error, in this case lines 54-55. Quote Link to comment Share on other sites More sharing options...
macinslaw Posted September 24, 2007 Share Posted September 24, 2007 I tried to count the lines in your code and got to around where your sql call is to check the user and password. I have never seen anyone combine the query with the execution command before. Just for kicks, (if my count is accurate), I would seperate the following command: $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1"); To: $sql = "SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1"; $r=mysql_query($sql); if (!$r) { echo "Unable to query data." session_destroy(); exit; } I hope I have helped some. -Mac Quote Link to comment Share on other sites More sharing options...
Fadion Posted September 25, 2007 Share Posted September 25, 2007 I have never seen anyone combine the query with the execution command before. With that u mean u never saw someone writing the string query inside mysql_query()? But just saw it written as $sql="SELECT..."; mysql_query($sql)??? If my assumption is right then u probably havent seen too much, as its a very common coding method. U could use: $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1") or die(mysql_error()); so u know whats happening. To me the query looks alright but u may have problems in the connection. Quote Link to comment Share on other sites More sharing options...
TheFilmGod Posted September 25, 2007 Share Posted September 25, 2007 Although your query shouldn't have any problems, I do have to question the use of " * ". You can easily go around this. Selecting the whole table in mysql is a huge no no. You can just tell mysql to select username from users instead of using the where clause. - I would recommend it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.