
Need help in php login page !!!!

Posted: Tue Oct 27, 2009 9:11 am
by janzy
I'm getting an error in this code:

<?php

//Database Information

$dbhost = "localhost";
$dbname = "youwtzc_reg";
$dbuser = "youwtzc_janzy";
$dbpass = "wahegurublessme1027";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);

$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;

$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
include “login.html”;

} else {
$_SESSION[‘username’] = “$username”;
include “memberspage.php”;
}

?>


The error says:
Parse error: syntax error, unexpected T_STRING in /home/youwtzc/public_html/login.php on line 19

Please help me through.
Thanks

Re: Need help in php login page !!!!

Posted: Tue Oct 27, 2009 9:22 am
by ben.artiss
If that is exactly as it was there's a problem with your query. It looks like there's dodgy single quotes (which happens usually by copying/pasting from websites), so just replace all the single and double quotes in this line manually and it should be fine:
$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;
Good luck.

Re: Need help in php login page !!!!

Posted: Wed Oct 28, 2009 8:29 am
by SimonMayer
You appear to have given your database username and password away on this forum.
I strongly recommend you change your database password (and username if possible) immediately.
Although we do not know the name/ip of the host, someone may be able to work it out by searching for things you've posted on the web, so publishing those details could compromise the security of your database.

Re: Need help in php login page !!!!

Posted: Wed Oct 28, 2009 11:29 am
by Mirge
ben.artiss wrote:
If that is exactly as it was there's a problem with your query. It looks like there's dodgy single quotes (which happens usually by copying/pasting from websites), so just replace all the single and double quotes in this line manually and it should be fine:
$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;
Good luck.

In addition to what ben has said, you should also be using (at minimum) mysql_real_escape_string() on your $username and $password variables to prevent SQL injection.

And finally, the query as you have above is not case sensitive... if you wanted it to be case sensitive (password) then you could use:

Code:

$query = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password LIKE BINARY '".mysql_real_escape_string($password)."'";
And yes, change your MySQL login information immediately.
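
A hardened form of the login check discussed in this thread, as an added example that is not code from any of the posters: it replaces the string-built query with a PDO prepared statement and md5() with password_hash()/password_verify(). The in-memory SQLite database, the check_login() helper and the sample user and inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. It uses an in-memory SQLite
// database (needs the pdo_sqlite extension) so it runs stand-alone. A real
// deployment would read its DSN and credentials from configuration kept
// outside the web root, never from literals in a file that gets shared.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: one user whose password is stored with
// password_hash() (salted, deliberately slow) instead of unsalted md5().
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: true only when the username exists and the supplied
 * password matches that user's stored hash.
 */
function check_login(PDO $pdo, string $username, string $password): bool
{
    // The username is bound as a parameter, so quote characters in it are
    // compared as data and never become part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // password_verify() compares case-sensitively and in constant time,
    // so the query needs no LIKE BINARY on the password column.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a valid login, a wrong-case password, and a username
// containing quote characters.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'Correct Horse'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    // In a web request, call session_regenerate_id(true) before storing the
    // username in $_SESSION on success.
    printf("%-20s %s\n", $user, check_login($pdo, $user, $pass) ? 'login ok' : 'Bad Login');
}
```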