Is this correct?

carylson · January 3, 2008

Im not sure if I'm using mysql_fetch_array() and mysql_query() correctly. I get mysql errors on the following line:

$UserInfo = mysql_fetch_array(mysql_query("SELECT * FROM Users WHERE Username = '". $_REQUEST['frmUsername'] ."' && Password = '". $_REQUEST['frmPassword'] ."'"));

Can anybody help?

Thanks!

The rest of the code:

<?php

if ($_REQUEST['fcn'] == "login") {

if ($_REQUEST['frmUsername'] == "" || $_REQUEST['frmPassword'] == "") {

echo "Invalid login. Please complete all form data and try again.";

}

else {

$UserInfo = mysql_fetch_array(mysql_query("SELECT * FROM Users WHERE Username = '". $_REQUEST['frmUsername'] ."' && Password = '". $_REQUEST['frmPassword'] ."'"));

if ($UserInfo) {

$_SESSION['LoggedIn'] = True;

$_SESSION['ID'] = $UserInfo['ID'];

$_SESSION['Username'] = $UserInfo['Username'];

$_SESSION['AdminLevel'] = $UserInfo['AdminLevel'];

echo "Login successful. Hello, ". $_SESSION['Username'] ."!";

}

else {

echo "Invalid login. The specified user could not be found. Please double check your information and try again.";

}

?>

... some html ...

duclet · January 3, 2008

Change it to this so I can see the error message:

         $query = mysql_query("SELECT * FROM Users WHERE Username = '". $_REQUEST['frmUsername'] ."' && Password = '". $_REQUEST['frmPassword'] ."'")
                  or die(mysql_error());
         $UserInfo = mysql_fetch_array($query);

Sign In

Is this correct?

Recommended Posts

carylson

Link to comment

Share on other sites

duclet

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information