[SOLVED] mysql-query doesn't work

[btr2007]

Help - I am having difficulty with the following. For the mysql_query if I set the user and pass to what is actually in the table it works. But if I leave it as shown I get an error message. Can someone tell me what is wrong

 

 

mysql_connect($sqlhost, $sqluser, $sqlpass);  // Connecting To MySql

  mysql_select_db($sqldb);  // Selecting MySql Database

 

  $client = $_POST['username'];  // Setting The Variable (Always User Different Variable Names Than What Is In Your HTML Forms)

  $pass = md5($_POST['password']);  // Setting The Variable (Always User Different Variable Names Than What Is In Your HTML Forms - Password Should Also Always Be MD5 Encrypted)

  $clientcheck2 = mysql_query("SELECT * FROM users WHERE user= $client AND pass= $pass");  // Check If Any Users Match Username & Password Entered

  $clientcheck = mysql_num_rows($clientcheck2);  // Number Of Results Of The Query

  if ($clientcheck > '0') {  // If One Or More Users Were Found

 

[revraz]

$clientcheck2 = mysql_query("SELECT * FROM users WHERE user= '$client' AND pass= '$pass'"); 

 

Add the single quotes

 

Also, the Passwords in the DB are already hashed with md5 right?

[btr2007]

Yes they are

[marcus]

If revraz's solution didn't help add an or die(mysql_error()); statement at the end of the query

[btr2007]

The solution from revraz comes up login failed. Will try the next solution now

[trq]

You need to do some debuging. Try...

 

<?php

 $client = $_POST['username'];
 $pass = md5($_POST['password']);
 $sql = "SELECT * FROM users WHERE user = '$client' AND pass = '$pass'";
 if ($result = mysql_query($sql)) {
   if (mysql_num_rows($result)) {
     echo "We have results":
   } else {
     echo "No records found";
   }
 } else {
   echo mysql_error() . "<br />$sql";
 }

?>

[btr2007]

mgallforever  solution said login failed also. Will try solution from Thorpe now

[marcus]

try this

 

<?php

mysql_connect($sqlhost, $sqluser, $sqlpass) or die(mysql_error());
mysql_select_db($sqldb);

$client = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);

if ($client && $pass) {
    $sql = "SELECT * FROM `users` WHERE `user`='" . $client . "'";
    $res = mysql_query($sql) or die(mysql_error());
    if (mysql_num_rows($res) == 0) {
        echo "Username does not exist!\n";
    } else {
        $sql2 = "SELECT * FROM `users` WHERE `user`='" . $client . "' AND `pass`='" .
            md5($pass) . "'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        if (mysql_num_rows($res2) == 0) {
            echo "Invalid username and password combination!\n";
        } else {
            // log them in
        }
    }
} else {
    echo "You must supply both username and password!\n";
}

?>

[btr2007]

Just tried the Thorpe solution and it said not finding records. Will try the next solution. Feel like we are close to getting it done but something not quite right

[btr2007]

We got the invalid username and password combination

 

Just a thought what collaboration should the table have

[marcus]

Can you verify the passwords are md5 encrypted?

[btr2007]

They are encrypted.

 

It appears to be working now. Well everything except the cookie stuff! We will have a play around with that to try and get that working now though.

 

Thanks for the help!