comparing stored and entered values

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

comparing stored and entered values

Post by php_user13 »

I'm still learning PHP and am having problems comparing stored and entered values.

I can display stored data via the SELECT statement, but not act on it. E.g. I have stored the encrypted version of an entered password
$encPass = md5($_POST["psword"]);
I want to compare this stored value with a later entered value via a login form e.g. $encLogin = md5($_POST["psword2"]);
If the two (encrypted) values are the same the user gains access to a webpage via a link
md5 ensures the encryptions are consistent, but I can't act on the stored value
$query = "SELECT psword FROM Members WHERE usrname='fjohnson'";
$results = mysql_query($query, $conn);
I can't act on this value to make the comparison.

Can anyone advise?
Last edited by php_user13 on Sun Mar 07, 2010 2:30 am, edited 1 time in total.
jraede
Forum Contributor
Posts: 254
Joined: Tue Feb 16, 2010 5:39 pm

Re: comparing stored and entered values

Post by jraede »

I answered this question on the thread you already started regarding this issue...please don't double post.
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

Re: comparing stored and entered values

Post by php_user13 »

Sorry,
I wasn't sure that one would look at the second level question

However, I tried a similar version of the "Password" example and it didn't work, which is why I posted the query

I can access input data, but not stored data,
I can only display the contents of the database, not process it in an if statement.
jraede
Forum Contributor
Posts: 254
Joined: Tue Feb 16, 2010 5:39 pm

Re: comparing stored and entered values

Post by jraede »

Ok, where are you actually getting the password field from the database? Looks to me like you stopped after you performed the query...you actually have to retrieve the password using a function like mysql_fetch_array.
michaeru
Forum Commoner
Posts: 28
Joined: Sun Mar 07, 2010 5:22 pm

Re: comparing stored and entered values

Post by michaeru »

Won't it be better to do this:

$sql = 'SELECT `psword` FROM `Members` WHERE `usrname` = \'fjohnson\' AND `psword` = \'' . md5($_POST["psword2"]) . '\'';

$result = mysql_query($sql, $conn);

if(mysql_num_rows($result) == 1) {

//If equal

} else {

//If not equal

}
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: comparing stored and entered values

Post by John Cartwright »

michaeru wrote:Won't it be better to do this:

$sql = 'SELECT `psword` FROM `Members` WHERE `usrname` = \'fjohnson\' AND `psword` = \'' . md5($_POST["psword2"]) . '\'';

$result = mysql_query($sql, $conn);

if(mysql_num_rows($result) == 1) {

//If equal

} else {

//If not equal

}
Actually, since the length of the generated md5 length is considerably long, which in turn makes indexing slower, it's better to return the row by a single smaller key and make the comparisons in php.
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

Re: comparing stored and entered values

Post by php_user13 »

Thanks for your replies. I got a bit distracted with another problem. Yes, I did try the query method. I got a result when it was true, but my error message failed for some reason.
$value1 = $_POST["usrname"];
$value2b = md5($_POST["psword"]);
$query = "SELECT * FROM Members WHERE usrname='$value1' AND encode='$value2b'";
$results = mysql_query($query, $conn);
if (!$results) { die ("Error selecting Members data: " .mysql_error());
echo '<p> Your password is incorrect, please try again </p>'; // This is not working
}else {//this bit worked }
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

Re: comparing stored and entered values

Post by php_user13 »

Thanks to everyone that contributed, your assistance was very much appreciated. Still not sure where my error is, probably just a bracket in the wrong place ... I hope.
When I substituted the code provided in the response I achieved the result I wanted. Thanks michaeru
Now if someone were good at designing webpages ....
Post Reply