Need help in php login page !!!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
janzy
Forum Newbie
Posts: 1
Joined: Tue Oct 27, 2009 9:08 am

Need help in php login page !!!!

Post by janzy »

I m getting error in this code :

<?php

//Database Information

$dbhost = "localhost";
$dbname = "youwtzc_reg";
$dbuser = "youwtzc_janzy";
$dbpass = "wahegurublessme1027";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);

$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;

$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
include “login.html”;

} else {
$_SESSION[‘username’] = “$username”;
include “memberspage.php”;
}

?>


the error says :
Parse error: syntax error, unexpected T_STRING in /home/youwtzc/public_html/login.php on line 19

please help me through..
thanks
ben.artiss
Forum Contributor
Posts: 116
Joined: Fri Jan 23, 2009 3:04 pm

Re: Need help in php login page !!!!

Post by ben.artiss »

If that is exactly as it was there's a problem with your query. It looks like there's dodgy single quotes (which happens usually by copying/pasting from websites), so just replace all the single and double quotes in this line manually and it should be fine:
$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;
Good luck.
SimonMayer
Forum Commoner
Posts: 32
Joined: Wed Sep 09, 2009 6:40 pm

Re: Need help in php login page !!!!

Post by SimonMayer »

You appear to have given your database username and password away on this forum.
I strongly recommend you change your database password (and username if possible) immediately.
Although we do not know the name/ip of the host, someone may be able to work it out by searching for things you've posted on the web, so publishing those details could compromise the security of your database.
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Need help in php login page !!!!

Post by Mirge »

ben.artiss wrote:If that is exactly as it was there's a problem with your query. It looks like there's dodgy single quotes (which happens usually by copying/pasting from websites), so just replace all the single and double quotes in this line manually and it should be fine:
$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;
Good luck.
In addition to what ben has said, you should also be using (at minimum) mysql_real_escape_string() on your $username and $password variables to prevent SQL injection.

And finally, the query as you have above is not case sensitive... if you wanted it to be case sensitive (password) then you could use:

Code: Select all

$query = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password LIKE BINARY '".mysql_real_escape_string($password)."'";
And yes, change your MySQL login information immediately.
Post Reply