Jump to content

[SOLVED] mysql-query doesn't work


btr2007

Recommended Posts

Help - I am having difficulty with the following. For the mysql_query if I set the user and pass to what is actually in the table it works. But if I leave it as shown I get an error message. Can someone tell me what is wrong

 

 

mysql_connect($sqlhost, $sqluser, $sqlpass);  // Connecting To MySql

  mysql_select_db($sqldb);  // Selecting MySql Database

 

  $client = $_POST['username'];  // Setting The Variable (Always User Different Variable Names Than What Is In Your HTML Forms)

  $pass = md5($_POST['password']);  // Setting The Variable (Always User Different Variable Names Than What Is In Your HTML Forms - Password Should Also Always Be MD5 Encrypted)

  $clientcheck2 = mysql_query("SELECT * FROM users WHERE user= $client AND pass= $pass");  // Check If Any Users Match Username & Password Entered

  $clientcheck = mysql_num_rows($clientcheck2);  // Number Of Results Of The Query

  if ($clientcheck > '0') {  // If One Or More Users Were Found

 

Link to comment
https://forums.phpfreaks.com/topic/81396-solved-mysql-query-doesnt-work/
Share on other sites

You need to do some debuging. Try...

 

<?php

 $client = $_POST['username'];
 $pass = md5($_POST['password']);
 $sql = "SELECT * FROM users WHERE user = '$client' AND pass = '$pass'";
 if ($result = mysql_query($sql)) {
   if (mysql_num_rows($result)) {
     echo "We have results":
   } else {
     echo "No records found";
   }
 } else {
   echo mysql_error() . "<br />$sql";
 }

?>

try this

 

<?php

mysql_connect($sqlhost, $sqluser, $sqlpass) or die(mysql_error());
mysql_select_db($sqldb);

$client = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);

if ($client && $pass) {
    $sql = "SELECT * FROM `users` WHERE `user`='" . $client . "'";
    $res = mysql_query($sql) or die(mysql_error());
    if (mysql_num_rows($res) == 0) {
        echo "Username does not exist!\n";
    } else {
        $sql2 = "SELECT * FROM `users` WHERE `user`='" . $client . "' AND `pass`='" .
            md5($pass) . "'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        if (mysql_num_rows($res2) == 0) {
            echo "Invalid username and password combination!\n";
        } else {
            // log them in
        }
    }
} else {
    echo "You must supply both username and password!\n";
}

?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.