Page 1 of 1

login help

Posted: Sat May 20, 2006 11:16 am
by tommy1987
Hi im trying to write a script which lets users log in. It validates users against a database of users, I want to be able to take variables posted from a form, search for something like:

Code: Select all

$user = $_POST['login_username'];
$query = "select * from users where user = $user";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());

if($_POST['login_username'] == $row['user'] && $_POST['login_password'] == $row['pass'])
{
//login correct
echo "Thanks ".$row['usr']." for logging in";
$_SESSION['logged_in'] = "YES";

} elseif($_POST['login_password']) {
//login incorrect
echo 'Incorrect login '.$_POST['login_username'];
}
The way I anticipate it working is searching for the user in the table of the username they enter, then getting the password to mathc and checking it against the one they entered. It doesnt seem to work though, it says stuff about error in SQL syntax, I believe the problem is here.

Hope someone can help, Thanks in advance, Tom

Posted: Sat May 20, 2006 11:21 am
by someberry
What's the problem?

I would personally check the database for the username and password simultaniously, and then check the number of returned rows - would be more efficient.

Posted: Sun May 21, 2006 6:14 am
by tommy1987
Could someone please write a code example to support what has been suggested, I am new to mySQL and would like to see the format of what he means.

Thanks, Tom

Posted: Sun May 21, 2006 6:45 am
by timvw
Could you please search the web / this forum for an example.. It has been written many times before... So i'm sure you'll find a good example...

Eg: i found http://www.yeswebmaster.com/article.php?id=45 when i searched for 'php mysql login select count'. (Be aware that you should use http://www.php.net/mysql_real_escape_string instead of the addslashes in that article though)