Page 1 of 1

Help

Posted: Wed Apr 14, 2004 7:29 pm
by idnoble
I'm creating a login system that makes use cookies for authorisation, I have created my HTML form and my PHP script byt each time I try to login it always displays the error message

Query was empty

Also I specified to PHP to divert to another page incase the form was submitted empty and incase access was denied, but each time I submitted a blang login form I get a Warning message

Warning: Cannot modify header information - headers already sent by (output started at d:\phpweb\xplosivehome.php:7) in d:\phpweb\xplosivehome.php on line 844

I've done everything I can think of but it just won't work has anyone got any idea what I'm doing wrong, my HTML form and PHP script are below

Here's my HTM form
<form name="logincx" method="post" action="xplosivehome.php" enctype="multipart/form-data">
<p style="font-size: 10pt; color:white; font-style:sylfaen"><strong>Email:</strong>
<input type="text" name="Email" size="10"> </p>
<p style="font-size: 10pt; color:white; font-style:sylfaen"><strong>Password:</strong>
<input type="password" name="Password" size="10">
<input type="submit" name="Submit" value="Login"></p>
</form>

and here's my Script

Code: Select all

<?php
//Create short variable names
$Email = $HTTP_POST_VARS['Email'];
$Password = $HTTP_POST_VARS['Password'];
//Check for required fields from login form
if (!$Email || !$Password){
    header('http:82.44.148.126/login.html');
	exit;
}

//Connect to mysql servers and select database
$session = mysql_connect("localhost", "root", "platinum")
            or die(mysql_error());
mysql_select_db("xplosive") or die(mysql_error());

//issue query to mysql
$sql = "select First_name, Last_name 
        from customer_account 
		where $Email AND $Password"; 
$result = mysql_query($mysql,$session) or die(mysql_error());

//acquire number of rows in the result set
if (mysql_num_rows($result) == 1) {

//If authorised get values of First and last names
$First_name = mysql_result($result, 0, 'First_name');
$Last_name = mysql_result($result, 0, 'Last_name');

//Set authorisation cookie
setcookie("auth", "1", 0, "/", "xplosivehome.php", 0);

$msg = '<p style= "font-size: 12pt; color: black"><strong>Hello $First_name $Last_name</strong></p>';
}
else {

//redirect back to login form if unauthorised
header("'http:82.44.148.126/login.html'");
exit;
}
?>
Thank you

Posted: Wed Apr 14, 2004 7:32 pm
by markl999
$sql = "select First_name, Last_name
from customer_account
where $Email AND $Password";
That should be something like:
$sql = "SELECT First_name, Last_name
FROM customer_account
WHERE email='$Email' AND password='$Password'";

Posted: Wed Apr 14, 2004 7:40 pm
by Unipus
To answer your other question:
always displays the error message

Query was empty

Also I specified to PHP to divert to another page incase the form was submitted empty and incase access was denied, but each time I submitted a blang login form I get a Warning message
Headers can't be modified after output has been sent to the screen. So in this case you're trying to perform a header operation, but your code has already echoed 'Query was empty' to the screen, and that's why it fails.