MySQL statement for Login may be failing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
cecilchampenois
Forum Commoner
Posts: 47
Joined: Thu Nov 06, 2014 10:29 am
Location: Gilbert, Arizona
Contact:

MySQL statement for Login may be failing

Post by cecilchampenois »

Is there anything wrong with the following statement?
When I do the following code, the result doesn't look right: (I rewrote the true password below with a fake one.)

Code: Select all

$sql = "SELECT client_no, access_level, logo_file, main_page, last_login, audit_year, active_client, 
           email_address FROM $table_name WHERE login_id='$myusername' and 
		   login_password=aes_encrypt('$mypassword', 'bubbagump')";

print("<br/>");
print($sql);
print("<br/>");
When I print the result out, it looks like this:
SELECT client_no, access_level, logo_file, main_page, last_login, audit_year, active_client, email_address FROM logins WHERE login_id='' and login_password=aes_encrypt('', 'bubbagump')
It looks like the two single quotes around $myusername came together because the rendered value wasn't there. So, it appears as if you have WHERE login_id='' is double quotes, but it must be single quotes.
Notice that after
WHERE login_id=''
that there is just nothing. I have checked to see if the variable $myusername has picked up the POST myusername and it has, so this should absolutely work. It isn't working, and I get "Wrong Username or Password". However, the same exact code is used on our production website and it works just fine.
Cecil Champenois
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: MySQL statement for Login may be failing

Post by Celauran »

Have you checked that $myusername and $mypassword are defined?

Code: Select all

var_dump($myusername, $mypassword, $sql);
cecilchampenois
Forum Commoner
Posts: 47
Joined: Thu Nov 06, 2014 10:29 am
Location: Gilbert, Arizona
Contact:

Re: MySQL statement for Login may be failing

Post by cecilchampenois »

I just used a bunch of print commands to check out where the values disappear and they disappear when using the mysql_real_escape_string() function. I am on an upgraded Ubuntu server 14.04.xx with PHP 5.5.9. The PHP is a later vesion so I now see that mysql_real_escape_string is a deprecated function. The below code is where the value dropped off. I read that someone recommended using mysqli_real_escape_string(). I tried it and it doesn't work, so I must assume that I do not yet know enough to do this right. This appears to be a situaiton where I need to upgrade the code to using non-deprecated functions throughout.

Code: Select all

$myusername = mysql_real_escape_string($myusername);
Well, I can see that I need to choose either object-oriented or procedural and that begins with the type of connection. Right now, the connection is procedural using:

Code: Select all

$ms = mysql_pconnect($host, $user, $pass);
which I understand has also been deprecated.
Cecil Champenois
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: MySQL statement for Login may be failing

Post by Celauran »

You should really be using PDO and prepared statements instead of mysql_ functions.
Post Reply