widget Posted November 3, 2007 Share Posted November 3, 2007 My site has a quite strict 1 account per user rule. Sometimes the IP check is not 100% accurate and I have found that most duplicate users use the same password for each account. What I have done is created a form with a user name input field. I would then like to store that users password in a variable and then cross check the users table and display all matching results by username. This is what I currently have and its not working. if (!$act) { <FORM ACTION="admin_search_pw.php" METHOD=get> <input type=hidden name=act value=search> <INPUT TYPE=text NAME="pw_user" VALUE="" SIZE=38> <INPUT TYPE=submit VALUE="Search!"> </FORM> } if ($act) { $pw = "SELECT * FROM members2 WHERE `username` == '%$pw_user%'"; $sql_query = ("SELECT username FROM `members2` WHERE password == $pw"); //store the SQL query in the result variable $result = mysql_query($sql_query); if(mysql_num_rows($result)) { //output as long as there are still available fields ?><table><? while($row = mysql_fetch_row($result)) { echo ("<tr><td>$row[1]<br><br></td></tr>"); } ?></table><? } //if no fields exist else { echo "no values in the database"; } } Any help would be much appreciated, oh and no I dont want to see the password, just the usernames with matching passwords. The actual form method works, just not my database results code. this is the error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/chicka/public_html/admin/admin_search_pw.php on line 59 no values in the database Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/ Share on other sites More sharing options...
wildteen88 Posted November 3, 2007 Share Posted November 3, 2007 If you are getting that error then you should check your query for errors. Looking at your query there is a few problems. 1. You are using a reserved MySQL keyword for a field name, which is password If you use a reserved word in your query you should wrap back ticks (`) around the field name. 2. strings should be wrapped in quotes and invalid operator used: ... WHERE password == $pw <-- incorrect ... WHERE `password` = '$pw' <-- correct SO change this line: $sql_query = ("SELECT username FROM `members2` WHERE password == $pw"); To: $sql_query = ("SELECT username FROM `members2` WHERE `password` = '$pw'"); and you should not get the error any more. If you do still get an error, change this line: $result = mysql_query($sql_query); to: $result = mysql_query($sql_query) or die('Query Error:<br />'.$sql_query.'<br /><br />'.mysql_error()); Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384175 Share on other sites More sharing options...
widget Posted November 3, 2007 Author Share Posted November 3, 2007 thank you for that but now i get this error Query Error: SELECT username FROM `members2` WHERE `password` = 'SELECT password FROM members2 WHERE `username` == '%lollypopchicka%'' Unknown column 'lollypopchicka' in 'where clause' current code is if ($act) { $pw = ("SELECT password FROM members2 WHERE `username` == '%$pw_user%'"); $sql_query = ("SELECT username FROM `members2` WHERE `password` = '$pw'"); //store the SQL query in the result variable $result = mysql_query($sql_query) or die('Query Error:<br />'.$sql_query.'<br /><br />'.mysql_error()); if(mysql_num_rows($result)) { //output as long as there are still available fields ?><table><? while($row = mysql_fetch_row($result)) { echo ("<tr><td>$row[1]<br><br></td></tr>"); } ?></table><? } //if no fields exist else { echo "no values in the database"; } } Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384180 Share on other sites More sharing options...
dbo Posted November 3, 2007 Share Posted November 3, 2007 There is no == in SQL Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384186 Share on other sites More sharing options...
wildteen88 Posted November 3, 2007 Share Posted November 3, 2007 You can't do queries like that! What do you want to be returned from the query? Do you want both the username and password or just the username or password? Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384188 Share on other sites More sharing options...
widget Posted November 3, 2007 Author Share Posted November 3, 2007 Just the usernames All im trying to do is enter a username in the form and have it display all usernames with a matching password. Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384190 Share on other sites More sharing options...
wildteen88 Posted November 3, 2007 Share Posted November 3, 2007 Then you'll use the following query: $sql_query = "SELECT username, password FROM `members2` WHERE `username`='$pw_user'"; Not two. Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384191 Share on other sites More sharing options...
widget Posted November 3, 2007 Author Share Posted November 3, 2007 that just gives me the username or password (depending on what I change the row number to) of the person I typed into the form. I need to to display all usernames that have a matching password. if ($act) { $sql_query = "SELECT username, password FROM `members2` WHERE `username`='$pw_user'"; //store the SQL query in the result variable $result = mysql_query($sql_query) or die('Query Error:<br />'.$sql_query.'<br /><br />'.mysql_error()); if(mysql_num_rows($result)) { //output as long as there are still available fields ?><table><? while($row = mysql_fetch_row($result)) { echo ("<tr><td>$row[0]<br><br></td></tr>"); } ?></table><? } //if no fields exist else { echo "no values in the database"; } } Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384193 Share on other sites More sharing options...
widget Posted November 3, 2007 Author Share Posted November 3, 2007 Nevermind, I've set up 2 forms. 1 to give me the password and then another to compare the password. I was going to have my site mods use this tool. The passwords are encrypted, so is it still safe to let them use it? Is there a way they can work out what the passwords are? Link to comment https://forums.phpfreaks.com/topic/75909-solved-comparing-2-fields-help-please/#findComment-384195 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.