I'm still learning PHP and am having problems comparing stored and entered values.
I can display stored data via the SELECT statement, but not act on it. E.g. I have stored the encrypted version of an entered password
$encPass = md5($_POST["psword"]);
I want to compare this stored value with a later entered value via a login form e.g. $encLogin = md5($_POST["psword2"]);
If the two (encrypted) values are the same the user gains access to a webpage via a link
md5 ensures the encryptions are consistent, but I can't act on the stored value
$query = "SELECT psword FROM Members WHERE usrname='fjohnson'";
$results = mysql_query($query, $conn);
I can't act on this value to make the comparison.
Can anyone advise?
comparing stored and entered values
Moderator: General Moderators
-
php_user13
- Forum Newbie
- Posts: 8
- Joined: Sat Mar 06, 2010 9:01 pm
comparing stored and entered values
Last edited by php_user13 on Sun Mar 07, 2010 2:30 am, edited 1 time in total.
Re: comparing stored and entered values
I answered this question on the thread you already started regarding this issue...please don't double post.
-
php_user13
- Forum Newbie
- Posts: 8
- Joined: Sat Mar 06, 2010 9:01 pm
Re: comparing stored and entered values
Sorry,
I wasn't sure that one would look at the second level question
However, I tried a similar version of the "Password" example and it didn't work, which is why I posted the query
I can access input data, but not stored data,
I can only display the contents of the database, not process it in an if statement.
I wasn't sure that one would look at the second level question
However, I tried a similar version of the "Password" example and it didn't work, which is why I posted the query
I can access input data, but not stored data,
I can only display the contents of the database, not process it in an if statement.
Re: comparing stored and entered values
Ok, where are you actually getting the password field from the database? Looks to me like you stopped after you performed the query...you actually have to retrieve the password using a function like mysql_fetch_array.
Re: comparing stored and entered values
Won't it be better to do this:
$sql = 'SELECT `psword` FROM `Members` WHERE `usrname` = \'fjohnson\' AND `psword` = \'' . md5($_POST["psword2"]) . '\'';
$result = mysql_query($sql, $conn);
if(mysql_num_rows($result) == 1) {
//If equal
} else {
//If not equal
}
$sql = 'SELECT `psword` FROM `Members` WHERE `usrname` = \'fjohnson\' AND `psword` = \'' . md5($_POST["psword2"]) . '\'';
$result = mysql_query($sql, $conn);
if(mysql_num_rows($result) == 1) {
//If equal
} else {
//If not equal
}
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: comparing stored and entered values
Actually, since the length of the generated md5 length is considerably long, which in turn makes indexing slower, it's better to return the row by a single smaller key and make the comparisons in php.michaeru wrote:Won't it be better to do this:
$sql = 'SELECT `psword` FROM `Members` WHERE `usrname` = \'fjohnson\' AND `psword` = \'' . md5($_POST["psword2"]) . '\'';
$result = mysql_query($sql, $conn);
if(mysql_num_rows($result) == 1) {
//If equal
} else {
//If not equal
}
-
php_user13
- Forum Newbie
- Posts: 8
- Joined: Sat Mar 06, 2010 9:01 pm
Re: comparing stored and entered values
Thanks for your replies. I got a bit distracted with another problem. Yes, I did try the query method. I got a result when it was true, but my error message failed for some reason.
$value1 = $_POST["usrname"];
$value2b = md5($_POST["psword"]);
$query = "SELECT * FROM Members WHERE usrname='$value1' AND encode='$value2b'";
$results = mysql_query($query, $conn);
if (!$results) { die ("Error selecting Members data: " .mysql_error());
echo '<p> Your password is incorrect, please try again </p>'; // This is not working
}else {//this bit worked }
$value1 = $_POST["usrname"];
$value2b = md5($_POST["psword"]);
$query = "SELECT * FROM Members WHERE usrname='$value1' AND encode='$value2b'";
$results = mysql_query($query, $conn);
if (!$results) { die ("Error selecting Members data: " .mysql_error());
echo '<p> Your password is incorrect, please try again </p>'; // This is not working
}else {//this bit worked }
-
php_user13
- Forum Newbie
- Posts: 8
- Joined: Sat Mar 06, 2010 9:01 pm
Re: comparing stored and entered values
Thanks to everyone that contributed, your assistance was very much appreciated. Still not sure where my error is, probably just a bracket in the wrong place ... I hope.
When I substituted the code provided in the response I achieved the result I wanted. Thanks michaeru
Now if someone were good at designing webpages ....
When I substituted the code provided in the response I achieved the result I wanted. Thanks michaeru
Now if someone were good at designing webpages ....