gwood_25 Posted October 10, 2007 Share Posted October 10, 2007 Hello, I have a simple login form that passes its variables to a php script to authenticate a user and redirect to the appropriate page. The problem is the redirect is not working even when I hard code a valid username and password into the query. I know the query works because I have tested the sql statement against the db and it returns the correct result. My code is below... <?PHP session_start(); header("Cache-Control: no-cache, must-revalidate"); include 'connection.php'; $User = $_POST["user"]; $Pass = $_POST["pass"]; $result = mysql_query("select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'"); $num_rows = mysql_num_rows($result); if($num_rows >0) { $_SESSION['User'] = $row['FirstName'] + " " + $row['LastName']; $link = "main.php"; } else { session_destroy(); $link = "login.php"; } header("Location:".$link); ?> Please note... I am always returned to the login.php page regardless of whether or not I hard code a valid username and password into the query. Thank you in advance Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/ Share on other sites More sharing options...
trq Posted October 10, 2007 Share Posted October 10, 2007 Firstly, this.... $_SESSION['User'] = $row['FirstName'] + " " + $row['LastName']; needs to be.... $_SESSION['User'] = $row['FirstName'] . " " . $row['LastName']; Secondly you never check your query for failure bfore attempting to use the results. <?php session_start(); header("Cache-Control: no-cache, must-revalidate"); include 'connection.php'; if (isset($_POST['submit'])) { $User = $_POST["user"]; $Pass = $_POST["pass"]; $sql = "select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'" if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { $_SESSION['User'] = $row['FirstName'] . " " . $row['LastName']; $link = "main.php"; } else { session_destroy(); $link = "login.php"; } header("Location:".$link); } else { die(mysql_error() . " " . $sql; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366258 Share on other sites More sharing options...
roopurt18 Posted October 10, 2007 Share Posted October 10, 2007 Well, everything looks OK at first glance. The best thing to do in these circumstances is to gather information. Place this at the top of your script, after the <?php // Spit out $_POST echo '<pre style="text-align: left;">' . print_r($_POST, true) . '</pre>'; Next, change this line: $result = mysql_query("select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'"); to these lines: $sql = "select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'"; echo $sql . "<br>"; $result = mysql_query($sql) or die(mysql_error()); Once we get your querying issues sorted out you should work on cleaning data before attempting to use it in the database. (edit) Good eye, thorpe. I missed the incorrect operators while setting $_SESSION! Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366262 Share on other sites More sharing options...
otuatail Posted October 10, 2007 Share Posted October 10, 2007 users.FirstName, users.LastName from users If you are only using one table called users then you can dropp the users. from users.FirstName JUST FirstName Desmond Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366266 Share on other sites More sharing options...
gwood_25 Posted October 10, 2007 Author Share Posted October 10, 2007 Thank you for your help. it is very much appreciated as I am new to PHP. However, I get an internal server error when I run your version of the code. Not sure why. I am running IIS7 and vista ultimate and PHP Version 5.2.4 Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366271 Share on other sites More sharing options...
trq Posted October 10, 2007 Share Posted October 10, 2007 Turn off show freindly error messgaes in your browser preferences. Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366276 Share on other sites More sharing options...
gwood_25 Posted October 10, 2007 Author Share Posted October 10, 2007 I have friendly error messages turned off.... here is the error I get when I use your code.... Server Error in Application "Default Web Site/wcc" -------------------------------------------------------------------------------- HTTP Error 500.0 - Internal Server Error Description: The page cannot be displayed because an internal server error has occurred. Error Code: 0x00000000 Notification: ExecuteRequestHandler Module: IsapiModule Requested URL: http://localhost:80/wcc/admin/authenticate.php Physical Path: D:\wwwroot\wcc\admin\authenticate.php Logon User: Anonymous Logon Method: Anonymous Handler: PHP Most likely causes: IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred. IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly. IIS was not able to process configuration for the Web site or application. The authenticated user does not have permission to use this DLL. The request is mapped to a managed handler but the .NET Extensibility Feature is not installed. What you can try: Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account. Check the event logs to see if any additional information was logged. Verify the permissions for the DLL. Install the .NET Extensibility feature if the request is mapped to a managed handler. Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here. More Information... This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error. Microsoft Knowledge Base Articles: 294807 -------------------------------------------------------------------------------- Server Version Information: Internet Information Services 7.0. Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366303 Share on other sites More sharing options...
roopurt18 Posted October 10, 2007 Share Posted October 10, 2007 Hmmm. I don't know crap about IIS so I can't help you in solving that. I can suggest that if you're doing this just for learning purposes to install XAMPP and just use that. Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366311 Share on other sites More sharing options...
gwood_25 Posted October 10, 2007 Author Share Posted October 10, 2007 this code......... <?PHP session_start(); header("Cache-Control: no-cache, must-revalidate"); include 'connection.php'; $User = $_POST["user"]; $Pass = $_POST["pass"]; $sql = "select ID, FirstName, LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); if($num_rows >0) { $_SESSION['User'] = $row['FirstName']." ".$row['LastName']; header("Location:".$link); } else { session_destroy(); echo "User:".$User."<br>"; echo "Pass:".$Pass."<br>"; echo "Query:".$sql."<br>"; echo "Rows:".$num_rows; } ?> produces this result.......... User:jkish Pass:test Query:select ID, FirstName, LastName from users where users.UserName ='jkish' and users.Password ='test' Rows: why is the result empty? When I run that query directly against the db it works fine and returns this....... ID FirstName LastName 1 Jocelyn Kish Thank you again for all of your help. This has me stumped Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366313 Share on other sites More sharing options...
roopurt18 Posted October 10, 2007 Share Posted October 10, 2007 Perhaps connection.php isn't establishing the connection properly? Someone else suggest removing users. from your column names, since you're only selecting from a single table. I can't see how that'd make a difference, but it might. You might also enclose all of your column names and the table name in backticks. (EDIT) You should really echo the output from mysql_error(); that'd be your biggest clue. Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366322 Share on other sites More sharing options...
gwood_25 Posted October 10, 2007 Author Share Posted October 10, 2007 Thank you for all of your help. I feel very dumb now. I added ..... die(mysql_error() . " " . $sql); and the problem was the connection.php file.... it contained a misspelled password. It works fine now. also, the error with the code provided by thorpe was that the last line .... die(mysql_error() . " " . $sql; was missing a closing ) Again, thank you for all of your help. I am truly sorry if I wasted you time. However, being a newbie, I guess that is how you learn sometimes. Quote Link to comment https://forums.phpfreaks.com/topic/72644-solved-pass-form-variable-to-query-not-working/#findComment-366334 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.