[SOLVED] Pass form variable to query not working


gwood_25

Hello,

 

I have a simple login form that passes its variables to a php script to authenticate a user and redirect to the appropriate page.

 

The problem is the redirect is not working even when I hard code a valid username and password into the query. I know the query works because I have tested the sql statement against the db and it returns the correct result. My code is below...

 

 

<?PHP
session_start();
header("Cache-Control: no-cache, must-revalidate");
include 'connection.php';

$User = $_POST["user"];
$Pass = $_POST["pass"];

$result = mysql_query("select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'");
$num_rows = mysql_num_rows($result);
if($num_rows >0)
{
  $_SESSION['User'] = $row['FirstName'] + " " + $row['LastName'];
  $link = "main.php";
}
else
{
  session_destroy();
  $link = "login.php";
}
header("Location:".$link);
?>

 

 

Please note... I am always returned to the login.php page regardless of whether or not I hard code a valid username and password into the query.

 

Thank you in advance

 

Link to comment
Share on other sites

Firstly, this....

 

$_SESSION['User'] = $row['FirstName'] + " " + $row['LastName'];

 

needs to be....

 

$_SESSION['User'] = $row['FirstName'] . " " . $row['LastName'];

 

Secondly, you never check your query for failure before attempting to use the results.

 

<?php
session_start(); 
header("Cache-Control: no-cache, must-revalidate");
include 'connection.php';

if (isset($_POST['submit'])) {

  $User = $_POST["user"];
  $Pass = $_POST["pass"];

  $sql = "select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'";

  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      // Fetch the matching row; $row was never populated before being read
      $row = mysql_fetch_assoc($result);
      $_SESSION['User'] = $row['FirstName'] . " " . $row['LastName'];
      $link = "main.php";
    } else {
       session_destroy();
       $link = "login.php";
    }
    header("Location:".$link);
  } else {
    die(mysql_error() . " " . $sql;
  }

}
?>

Link to comment
Share on other sites

Well, everything looks OK at first glance.  The best thing to do in these circumstances is to gather information.

 

Place this at the top of your script, after the <?php

  // Spit out $_POST
  echo '<pre style="text-align: left;">' . print_r($_POST, true) . '</pre>';

 

Next, change this line:

$result = mysql_query("select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'");

to these lines:

  $sql = "select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'";
  echo $sql . "<br>";
  $result = mysql_query($sql)
    or die(mysql_error());

 

Once we get your querying issues sorted out you should work on cleaning data before attempting to use it in the database.

 

(edit) Good eye, thorpe.  I missed the incorrect operators while setting $_SESSION!

Link to comment
Share on other sites

I have friendly error messages turned off.... here is the error I get when I use your code....

 

Server Error in Application "Default Web Site/wcc"
--------------------------------------------------------------------------------
HTTP Error 500.0 - Internal Server Error
Description: The page cannot be displayed because an internal server error has occurred.
Error Code: 0x00000000
Notification: ExecuteRequestHandler
Module: IsapiModule
Requested URL: http://localhost:80/wcc/admin/authenticate.php
Physical Path: D:\wwwroot\wcc\admin\authenticate.php
Logon User: Anonymous
Logon Method: Anonymous
Handler: PHP

Most likely causes:
IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.

What you can try:
Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was logged.
Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped to a managed handler.
Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.

More Information... This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.

Microsoft Knowledge Base Articles:
294807
--------------------------------------------------------------------------------
Server Version Information: Internet Information Services 7.0.

Link to comment
Share on other sites

this code.........

 

<?PHP
session_start();
header("Cache-Control: no-cache, must-revalidate");
include 'connection.php';

$User = $_POST["user"];
$Pass = $_POST["pass"];

$sql = "select ID, FirstName, LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'";
$result = mysql_query($sql);
$num_rows = mysql_num_rows($result);
if($num_rows >0)
{
  $_SESSION['User'] = $row['FirstName']." ".$row['LastName'];
  header("Location:".$link);
}
else
{
  session_destroy();
  echo "User:".$User."<br>";
  echo "Pass:".$Pass."<br>";
  echo "Query:".$sql."<br>";
  echo "Rows:".$num_rows;
}
?>

 

 

produces this result..........

 

User:jkish

Pass:test

Query:select ID, FirstName, LastName from users where users.UserName ='jkish' and users.Password ='test'

Rows:

 

 

Why is the result empty?

When I run that query directly against the db it works fine and returns this.......

 

ID  FirstName  LastName
1   Jocelyn    Kish

 

 

Thank you again for all of your help. This has me stumped

 

 

Link to comment
Share on other sites

Perhaps connection.php isn't establishing the connection properly?

 

Someone else suggested removing users. from your column names, since you're only selecting from a single table.  I can't see how that'd make a difference, but it might.

 

You might also enclose all of your column names and the table name in backticks.

 

(EDIT)  You should really echo the output from mysql_error(); that'd be your biggest clue.

Link to comment
Share on other sites

Thank you for all of your help. I feel very dumb now. I added .....

 

die(mysql_error() . " " . $sql);

 

and the problem was the connection.php file.... it contained a misspelled password.

 

It works fine now.

 

Also, the error with the code provided by thorpe was that the last line .... die(mysql_error() . " " . $sql;  was missing a closing )

Again, thank you for all of your help. I am truly sorry if I wasted your time. However, being a newbie, I guess that is how you learn sometimes.

Link to comment
Share on other sites
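
Added example, not part of any post in this thread: the login check from the discussion rewritten with PDO prepared statements, so form input is bound as data instead of being concatenated into the query (the "cleaning data" point raised above), the row is actually fetched, and query errors are logged rather than echoed together with the SQL. The in-memory SQLite database, the PasswordHash column and the authenticate()/login() function names are assumptions made for illustration; the user jkish comes from the output posted above.

```php
<?php
// Added example, not code from the thread; PDO replaces the removed mysql_* API.
// Assumptions: in-memory SQLite stands in for the real DB; PasswordHash is a hypothetical column.

function authenticate(PDO $db, string $user, string $pass): ?array
{
    // The placeholder keeps the input as data; it never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT ID, FirstName, LastName, PasswordHash FROM users WHERE UserName = :user'
    );
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // the thread's scripts read $row without fetching it

    // Verify against a stored hash instead of comparing a plaintext Password column.
    if ($row === false || !password_verify($pass, $row['PasswordHash'])) {
        return null;
    }
    unset($row['PasswordHash']);
    return $row;
}

function login(PDO $db, array $post): string
{
    try {
        $row = authenticate($db, (string)($post['user'] ?? ''), (string)($post['pass'] ?? ''));
    } catch (PDOException $e) {
        // Keep the detail server-side; do not send the SQL or driver error to the browser.
        error_log('login query failed: ' . $e->getMessage());
        return 'login.php';
    }
    if ($row === null) {
        return 'login.php';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);          // fresh session ID after a successful login
        $_SESSION['User'] = $row['FirstName'] . ' ' . $row['LastName'];
    }
    return 'main.php';
}

// Constructed sample data and inputs; the quoted values in the last pair are bound as plain data.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, UserName TEXT, FirstName TEXT, LastName TEXT, PasswordHash TEXT)');
$ins = $db->prepare('INSERT INTO users (UserName, FirstName, LastName, PasswordHash) VALUES (?, ?, ?, ?)');
$ins->execute(['jkish', 'Jocelyn', 'Kish', password_hash('test', PASSWORD_DEFAULT)]);

foreach ([['jkish', 'test'], ['jkish', 'wrong'], ["o'neil", "it's"]] as [$u, $p]) {
    echo $u, ' -> ', login($db, ['user' => $u, 'pass' => $p]), PHP_EOL;
}
```

In the real authenticate.php the caller would run session_start() first, then send header('Location: ' . login($db, $_POST)) and call exit so nothing else executes after the redirect.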
