Jump to content

[SOLVED] Comparing 2 fields - Help Please

widget

By widget
in PHP Coding Help

 Share

Recommended Posts

widget Member

widget

Posted
Posted

My site has a quite strict 1 account per user rule.

Sometimes the IP check is not 100% accurate and I have found that most duplicate users use the same password for each account.

 

What I have done is created a form with a user name input field.

 

I would then like to store that users password in a variable and then cross check the users table and display all matching results by username.

 

This is what I currently have and its not working.

 

if (!$act)
{
<FORM ACTION="admin_search_pw.php" METHOD=get>
<input type=hidden name=act value=search>
<INPUT TYPE=text NAME="pw_user" VALUE="" SIZE=38>
<INPUT TYPE=submit VALUE="Search!">
</FORM>
}


if ($act)
{
$pw = "SELECT * FROM members2 WHERE `username` == '%$pw_user%'";

$sql_query = ("SELECT username FROM `members2` WHERE password == $pw");
//store the SQL query in the result variable
$result = mysql_query($sql_query);
if(mysql_num_rows($result))
{
//output as long as there are still available fields
?><table><?
while($row = mysql_fetch_row($result))
{


echo ("<tr><td>$row[1]<br><br></td></tr>");
}
?></table><?
}
//if no fields exist
else
{
echo "no values in the database";
} 
}

 

Any help would be much appreciated, oh and no I dont want to see the password, just the usernames with matching passwords.

The actual form method works, just not my database results code.

 

 

this is the error

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chicka/public_html/admin/admin_search_pw.php on line 59

no values in the database

 

Link to comment
https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

If you are getting that error then you should check your query for errors. Looking at your query there is a few problems.

 

1. You are using a reserved MySQL keyword for a field name, which is password

If you use a reserved word in your query you should wrap back ticks (`) around the field name.

 

2. strings should be wrapped in quotes and invalid operator used:

... WHERE password == $pw <-- incorrect

 

... WHERE `password` = '$pw' <-- correct

 

SO change this line:

$sql_query = ("SELECT username FROM `members2` WHERE password == $pw");

To:

$sql_query = ("SELECT username FROM `members2` WHERE `password` = '$pw'");

and you should not get the error any more.

 

If you do still get an error, change this line:

$result = mysql_query($sql_query);

 

to:

$result = mysql_query($sql_query) or die('Query Error:<br />'.$sql_query.'<br /><br />'.mysql_error());

widget Member

widget

Posted
  • Author
Posted

thank you for that but now i get this error

 

Query Error:

SELECT username FROM `members2` WHERE `password` = 'SELECT password FROM members2 WHERE `username` == '%lollypopchicka%''

 

Unknown column 'lollypopchicka' in 'where clause'

 

current code is

 

if ($act)
{
$pw = ("SELECT password FROM members2 WHERE `username` == '%$pw_user%'");
$sql_query = ("SELECT username FROM `members2` WHERE `password` = '$pw'");
//store the SQL query in the result variable
$result = mysql_query($sql_query) or die('Query Error:<br />'.$sql_query.'<br /><br />'.mysql_error());
if(mysql_num_rows($result))
{
//output as long as there are still available fields
?><table><?
while($row = mysql_fetch_row($result))
{


echo ("<tr><td>$row[1]<br><br></td></tr>");
}
?></table><?
}
//if no fields exist
else
{
echo "no values in the database";
} 
}

widget Member

widget

Posted
  • Author
Posted

that just gives me the username or password (depending on what I change the row number to) of the person I typed into the form. I need to to display all usernames that have a matching password.

 

if ($act)
{
$sql_query = "SELECT username, password FROM `members2` WHERE `username`='$pw_user'";
//store the SQL query in the result variable
$result = mysql_query($sql_query) or die('Query Error:<br />'.$sql_query.'<br /><br />'.mysql_error());
if(mysql_num_rows($result))
{
//output as long as there are still available fields
?><table><?
while($row = mysql_fetch_row($result))
{


echo ("<tr><td>$row[0]<br><br></td></tr>");
}
?></table><?
}
//if no fields exist
else
{
echo "no values in the database";
} 
}

widget Member

widget

Posted
  • Author
Posted

Nevermind, I've set up 2 forms.

 

1 to give me the password and then another to compare the password.

 

I was going to have my site mods use this tool. The passwords are encrypted, so is it still safe to let them use it?

 

Is there a way they can work out what the passwords are?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.