designedfree4u Posted March 21, 2008 Share Posted March 21, 2008 Line 39 1. <?php 2. 3. session_start(); 4. 5. if(isset($_REQUEST['submit'])) 6. { 7. $username = $_POST['username']; 8. $password = md5($_POST['password']); 9. 10. setcookie('username', $username); 11. 12. // Location of the user area 13. $user_area_location = 'account.php'; 14. 15. // Connect to MySQL database: 16. $username=""; 17. $password=""; 18. $database=""; 19. 20. mysql_connect("localhost",$username,$password); 21. @mysql_select_db($database) or die( "Unable to select database"); 22. 23. $error = array(); 24. if(isset($_GET['action'])) 25. { 26. switch($_GET['action']) 27. { 28. case 'logoff': 29. session_destroy(); 30. array_push($error, 'You were logged off.'); 31. break; 32. } 33. } 34. 35. if(count($error) == 0) 36. { 37. if(empty($_POST['username'])) 38. { 39. array_push($error, 'You didn't supply a username'); 40. } 41. if(empty($_POST['password'])) 42. { 43. array_push($error, 'You didn't supply a password'); 44. } 45. 46. $result = @mysql_query('SELECT name FROM `users` WHERE username = ''.mysql_real_escape_string($username).'' AND password = ''. 47. $password.'''); 48. if(mysql_num_rows($result) > 0) 49. { 50. $_SESSION['loggedIn'] = true; 51. header('Location: '.$user_area_location); 52. exit; // stops the script from running after redirect 53. } 54. else 55. { 56. array_push($error, 'The credentials you provided were not correct'); 57. } 58. } 59. } 60. ?> 61. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 62. <html xmlns="http://www.w3.org/1999/xhtml"> 63. <head> 64. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 65. <title>Login</title> 66. </head> 67. <body> 68. <table width="284" height="162" border="0" cellpadding="0" cellspacing="2"> 69. <form method="post" action="login.php"> 70. <?php if((isset($error)) && (count($error) > 0)): ?> 71. <tr> 72. <td colspan="2"> <ul> 73. <?php foreach($error as $message) { echo '<li>'.$message.'</li>'; } ?> 74. </ul></td> 75. </tr> 76. <?php endif; ?> 77. <tr> 78. <td>Username:</td> 79. <td><input type="text" name="username" value="<?= isset($_REQUEST['username']) ? $_REQUEST['username'] : '' ?>" /></td> 80. </tr> 81. <tr> 82. <td>Password:</td> 83. <td><input type="password" name="password" /></td> 84. </tr> 85. <tr> 86. <td> </td> 87. <td><input type="submit" name="submit" value="Login!" /></td> 88. </tr> 89. <tr> 90. <td colspan="2">Not a User? <a href="register.php">Register Here</a></td> 91. </tr> 92. </form> 93. </table> 94. </body> 95. </html> Quote Link to comment https://forums.phpfreaks.com/topic/97268-can-you-till-me-whats-wrong-with-line-39/ Share on other sites More sharing options...
MadTechie Posted March 21, 2008 Share Posted March 21, 2008 the single quote array_push($error, 'You didn't supply a username'); change to array_push($error, 'You didn\'t supply a username'); or array_push($error, "You didn't supply a username"); Quote Link to comment https://forums.phpfreaks.com/topic/97268-can-you-till-me-whats-wrong-with-line-39/#findComment-497720 Share on other sites More sharing options...
designedfree4u Posted March 21, 2008 Author Share Posted March 21, 2008 that worked thanks, how about this one? $result = @mysql_query('SELECT name FROM users WHERE username = ''.mysql_real_escape_string($username).'' AND password = ''$password.'''); Quote Link to comment https://forums.phpfreaks.com/topic/97268-can-you-till-me-whats-wrong-with-line-39/#findComment-497773 Share on other sites More sharing options...
refiking Posted March 21, 2008 Share Posted March 21, 2008 Try this... $result = @mysql_query("SELECT name FROM users WHERE username = '.mysql_real_escape_string($username).' AND password = '$password.'"); Quote Link to comment https://forums.phpfreaks.com/topic/97268-can-you-till-me-whats-wrong-with-line-39/#findComment-497781 Share on other sites More sharing options...
papaface Posted March 21, 2008 Share Posted March 21, 2008 ^^^ should be: $result = mysql_query("SELECT `name` FROM `users` WHERE `username` = '".mysql_real_escape_string($username)."' AND `password` = '".$password."'") or die (mysql_error()); Quote Link to comment https://forums.phpfreaks.com/topic/97268-can-you-till-me-whats-wrong-with-line-39/#findComment-497784 Share on other sites More sharing options...
uniflare Posted March 21, 2008 Share Posted March 21, 2008 google php concatenation or something, this is basic syntax, im sure there are lots of beginner tutorials out there . always check syntax when debugging, quotes and missing/extra characters are usally the culprit. Quote Link to comment https://forums.phpfreaks.com/topic/97268-can-you-till-me-whats-wrong-with-line-39/#findComment-497788 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.