php Update mySQL / IF

a1amattyj · March 26, 2008

Hi,

Im currently having some issues with this code:

$query="SELECT * FROM admins WHERE username='$username'";
$result=mysql_query($query);
$row = mysql_fetch_array($result);

if($row['attempts'] == 5 OR 4 OR 3 OR 2){
$query="UPDATE admins SET attempts = attempts - 1 WHERE username='$username'";
$result=mysql_query($query);
}else if($row['attempts'] == 1){
$random = rand(9999, 99999);
$query="UPDATE admins SET attempts = 5 WHERE username='$username'";
$result=mysql_query($query);
$query="UPDATE admins SET uid='$random' WHERE username='$username'";
$result=mysql_query($query);
}

So, what i want it to do is when login, it will set your field as -1 from what it was, so if you login and the field is 5, it will update it to 4.. all the way down to 2.

But if you login and the field is 1, it will update it to 5, and generate and random 5 figure number and update another field with this number and repeats itself..

Error = works fine, but when it is 1, and you login, it ignore everything and continues to just take -1 from the field and no mysql/php errors are displayed.

Thanks.

wildteen88 · March 26, 2008

This will not work:

if($row['attempts'] == 5 OR 4 OR 3 OR 2){

You'll have to do each comparison separately, eg:

if($row['attempts'] == 5 OR $row['attempts'] == 4 etc all the way to two){

However it'll be better if you did a range:

if($row['attempts'] <= 5 && $row['attempts'] >=2) {

Also these two queries:

$query="UPDATE admins SET attempts = 5 WHERE username='$username'";
$query="UPDATE admins SET uid='$random' WHERE username='$username'";

would be better of being as one:

$query="UPDATE admins SET attempts = 5 AND uid='$random' WHERE username='$username'";

a1amattyj · March 26, 2008

This will not work:
if($row['attempts'] == 5 OR 4 OR 3 OR 2){
You'll have to do each comparison separately, eg:
if($row['attempts'] == 5 OR $row['attempts'] == 4 etc all the way to two){
However it'll be better if you did a range:
if($row['attempts'] <= 5 && $row['attempts'] >=2) {

Brilliant will give it a try.

Thanks!

soycharliente · March 26, 2008

Maybe something like?

<?php
$query="SELECT * FROM `admins` WHERE `username`='$username'";
$result=mysql_query($query) OR DIE ("Bad code!");
$row = mysql_fetch_assoc($result);

$attempts = $row['attempts'];
switch ($attempts):
case 5:
case 4:
case 3:
case 2:
	mysql_query("UPDATE `admins`SET `attempts`=`attempts` - 1 WHERE `username`='$username'") OR DIE ("Error!");
	break;
case 1:
	$random = rand(9999, 99999);
	mysql_query("UPDATE `admins` SET `attempts`='5' WHERE `username`='$username'") OR DIE ("Error!");
	mysql_query("UPDATE `admins` SET `uid`='$random' WHERE `username`='$username'") OR DIE ("Error!");
	break;
default:
	// something for a default?
?>

Adding some DIE statements might show you errors. Also, echo out the queries. Maybe the parameters you're passing are malformed and it's failing for that.

a1amattyj · March 26, 2008

This will not work:
if($row['attempts'] == 5 OR 4 OR 3 OR 2){
You'll have to do each comparison separately, eg:
if($row['attempts'] == 5 OR $row['attempts'] == 4 etc all the way to two){
However it'll be better if you did a range:
if($row['attempts'] <= 5 && $row['attempts'] >=2) {
Also these two queries:
$query="UPDATE admins SET attempts = 5 WHERE username='$username'";
$query="UPDATE admins SET uid='$random' WHERE username='$username'";
would be better of being as one:
$query="UPDATE admins SET attempts = 5 AND uid='$random' WHERE username='$username'";

Okay,

if($row['attempts'] <= 5 && $row['attempts'] >=2) {

It added around 10 to the attempt field and reset the UID on every attempt.

if($row['attempts'] == 5 OR $row['attempts'] == 4 OR $row['attempts'] == 3 OR $row['attempts'] == 2) {

When i do this ^^, it does the same as my first error.

Thanks!

a1amattyj · March 27, 2008

Bump,

Here is the full code, it might be the header with all the row statements which it isnt reading.

<?php
session_start();
require('../mf_operations/config_inc.php');

$username= mysql_real_escape_string($_POST['username_login']);
$password= mysql_real_escape_string($_POST['password_login']);
$uid= mysql_real_escape_string($_POST['uid']);

$encrypted_password=md5($password);

$query="SELECT * FROM admins WHERE username='$username' and password='$encrypted_password' and uid='$uid'";
$result=mysql_query($query);
$count=mysql_num_rows($result);

$query2="SELECT * FROM admins WHERE username='$username'";
$result2=mysql_query($query2);
$row = mysql_fetch_array($result2);
$tcount = $row['attempts'];

if($tcount >1){
mysql_query("UPDATE admins SET attempts = attempts - 1 WHERE username='$username'");
}else{
$random = rand(9999, 99999);
mysql_query("UPDATE admins SET attempts = attempts + 5 AND uid='$random' WHERE username='$username'");
}

if($count==1){
$_SESSION['username'] = "$username";
$_SESSION['password'] = "$encrypted_password";
$_SESSION['uid'] = "$uid";

echo "
<script type='text/javascript'>
window.location = 'index.php';
</script>";
}else{
echo "
<script type='text/javascript'>
window.location = 'login.php?act=fail';
</script>";
}
?>

soycharliente · March 27, 2008

1. What is the error? What line does it say for?

2. There's no need to run so many queries. You're getting the same data twice with query and query2. There's no need for that.

3. What's going to happen when the user doesn't have JavaScript enabled? I would use header() or a meta redirect.

4. I am interpretting that you're using count to see how many rows are returned. Like you got the result you wanted, which is 1. You also don't want to fetch_array if you have fewer than one, so what I would also suggest is to put an if statement to make sure you got some rows back before you do the fetch. By doing that, you can then move your if statement with $count up to there. But with doing that comes moving the other if statement inside as well as it wouldn't be executed because of the header.

With all that being said, my recommendation is ...

Try this ...

<?php
session_start();
require('../mf_operations/config_inc.php');

$username = mysql_real_escape_string($_POST['username_login']);
$password = mysql_real_escape_string($_POST['password_login']);
$uid = mysql_real_escape_string($_POST['uid']);
$encrypted_password = md5($password);

$query = "SELECT * FROM `admins` WHERE `username`='$username' AND `password`='$encrypted_password' AND `uid`='$uid'";
$result = mysql_query($query) OR DIE ("Error!<br />$query<br />".mysql_error());
$count = mysql_num_rows($result);
if ($count > 0)
{
$row = mysql_fetch_array($result);
$tcount = $row['attempts'];
if ($tcount > 1)
{
	mysql_query("UPDATE `admins` SET `attempts`=`attempts`-1 WHERE `username`='$username'");
}
else
{
	$random = rand(9999, 99999);
	mysql_query("UPDATE `admins` SET `attempts`=`attempts`+5 AND `uid`='$random' WHERE `username`='$username'");
}
if ($count == 1)
{
	$_SESSION['username'] = "$username";
	$_SESSION['password'] = "$encrypted_password";
	$_SESSION['uid'] = "$uid";
	header("Location: index.php"); // execute when $count = 1
	exit();
	//echo '<meta http-equiv="refresh" content="5;url=index.php">';
}
header("Location: login.php?act=fail"); // execute for all other values of $count
exit();
//echo '<meta http-equiv="refresh" content="5;url=login.php?act=fail">';
}
else
{
// no rows were returned and there wasn't an error
// do something else
}
?>

Sign In

php Update mySQL / IF

Recommended Posts

a1amattyj

Link to comment

Share on other sites

wildteen88

Link to comment

Share on other sites

a1amattyj

Link to comment

Share on other sites

soycharliente

Link to comment

Share on other sites

a1amattyj

Link to comment

Share on other sites

a1amattyj

Link to comment

Share on other sites

soycharliente

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information