
PHP MySQL Query

Posted: Sun Jun 14, 2009 10:55 am
by iWizard
I have tried for the past 3 hours and cannot seem to find where my code is going wrong. Could someone please read the code below and tell me why it keeps on returning an error when trying to run "mysql_fetch_array()".

Code:

<?php
session_name("internalweb");
session_start();
 
$username=$_REQUEST["log"];
$password=$_REQUEST["pwd"];
 
$sha1_password=sha1($password);
 
include("database.php");
 
 
//Where the error occurs
$mysql_query="SELECT * FROM 'login' WHERE 'USERNAME'='$username'";
$mysql_array=mysql_query($mysql_query);
$mysql_return=$mysql_fetch_array($mysql_array);
 
if($mysql_return[BANNED]==0)
{
    if($mysql_return[PASSWORD]==$sha1_password)
    {
        $userip=$_SERVER["REMOTE_ADDR"];
        $_SESSION["loggedin"]="1";
        $_SESSION["name"]=$mysql_return[NAME];
        $_SESSION["username"]=$mysql_return[USERNAME];
        $_SESSION["email"]=$mysql_return[EMAIL];
        $_SESSION["lastip"]=$mysql_return[LASTIP];
        $_SESSION["inout"]=$mysql_return[INOUT];
        $numinout=$mysql_return[INOUT]+"1";
        $mysql_update="UPDATE 'login' SET 'lastip' = '$userip' AND 'INOUT' = '$numinout' WHERE 'ID' = '".$mysql_query[ID]."'";
        echo $mysql_update;
        echo mysql_query($mysql_update);
        header("-top secret-");
    } else {
        header("-top secret-");
    }
} else {
    header("-top secret-");
}

Re: PHP MySQL Query

Posted: Sun Jun 14, 2009 10:58 am
by Weirdan
Because you have a $ in your function call:

Code:

 
$mysql_return=$mysql_fetch_array($mysql_array);
// should be
$mysql_return = mysql_fetch_array($mysql_array);
 

Re: PHP MySQL Query

Posted: Sun Jun 14, 2009 10:59 am
by iWizard
I fixed that. It was a copy and paste error. But I am still getting the error:

Code:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/iwizard1/public_html/www/internal/do-login.php  on line 14

Re: PHP MySQL Query

Posted: Sun Jun 14, 2009 11:04 am
by Weirdan
Btw, your query is wrong as well:

Code:

 
$mysql_query="SELECT * FROM 'login' WHERE 'USERNAME'='$username'";
// should be
$mysql_query="SELECT * FROM `login` WHERE `USERNAME`='" . mysql_real_escape_string($username) . "'";
 
In MySQL, field and table names are quoted using backticks. mysql_real_escape_string is required to allow usernames like this to behave correctly: Billy';drop table login --
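
An added example, not code from either poster: the same login lookup written with a PDO prepared statement, so the username from the last post is bound as data and a failed query raises an exception instead of handing a non-result to the fetch call. It assumes the pdo_sqlite extension, with an in-memory SQLite table standing in for the thread's MySQL `login` table; the sample rows and the helper names find_user and check_login are constructed for illustration.

```php
<?php
// Added example. Assumes pdo_sqlite; the in-memory table stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw

$pdo->exec('CREATE TABLE `login` (
    `ID` INTEGER PRIMARY KEY, `USERNAME` TEXT, `PASSWORD` TEXT, `BANNED` INTEGER)');

// Constructed sample rows. sha1() only mirrors the thread's schema;
// password_hash()/password_verify() is PHP's API for stored passwords.
$insert = $pdo->prepare(
    'INSERT INTO `login` (`USERNAME`, `PASSWORD`, `BANNED`) VALUES (?, ?, ?)');
$insert->execute(['alice', sha1('correct horse'), 0]);
$insert->execute(["Billy';drop table login --", sha1('hunter2'), 0]);
$insert->execute(['mallory', sha1('letmein'), 1]);

// Hypothetical helper: identifiers in backticks, the value bound as a parameter.
function find_user(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM `login` WHERE `USERNAME` = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row; // fetch() returns false when no row matches
}

// Hypothetical helper: rejects unknown and banned users before comparing hashes.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $row = find_user($pdo, $username);
    if ($row === null || (int) $row['BANNED'] !== 0) {
        return false;
    }
    return hash_equals($row['PASSWORD'], sha1($password)); // constant-time compare
}

$attempts = [
    ['alice', 'correct horse'],
    ["Billy';drop table login --", 'hunter2'], // quote-bearing name is just a value
    ["x' OR '1'='1", 'anything'],              // matches no row
    ['mallory', 'letmein'],                    // banned account
];
foreach ($attempts as [$user, $pass]) {
    printf("%-30s %s\n", $user, check_login($pdo, $user, $pass) ? 'accepted' : 'rejected');
}
printf("rows still in login: %d\n", $pdo->query('SELECT COUNT(*) FROM `login`')->fetchColumn());
```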