Page 1 of 1

mySQL troubles..

Posted: Fri Sep 22, 2006 6:21 pm
by tommy1987
I have the following code, to try to log a user in, the only problem is everytime it fails and complains about line 13 ($count=mysql_num_rows($result);) Can anyone spot the problem?

Code: Select all

<?php
include("include-mysql.php");

$myusername = $HTTP_POST_VARS['UN'];
$mypassword = $HTTP_POST_VARS['Pass'];

$tbl_name="users"; // Table name

$sql="SELECT * FROM $tbl_name WHERE usr='$myusername' and pass='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
echo "Login Successful!";
}
else {
echo "This login attempt has failed. <br/>Please Check your username and/or password.<br/>";
}
?>
Thanks..

Posted: Fri Sep 22, 2006 6:36 pm
by tommy1987
now got that sorted but getting the following error when trying to register some session vars:

Warning: session_register(): Cannot send session cache limiter - headers already sent (output started at /home/tom10001/public_html/edit/login.php:7) in /home/tom10001/public_html/edit/login.php on line 17

Posted: Fri Sep 22, 2006 7:36 pm
by bimo
first you need to open a connection to the database and select the database,

Code: Select all

mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_select_db(DB_DATABASE);
then you put the query into a variable and pass the variable to mysql_query().

b

Posted: Fri Sep 22, 2006 10:49 pm
by Burrito
tommy1987 wrote:Warning: session_register(): Cannot send session cache limiter - headers already sent (output started at /home/tom10001/public_html/edit/login.php:7) in /home/tom10001/public_html/edit/login.php on line 17
you're probably outputting something (even whitespace will trigger that error) above your session declaration. search this forum for 'headers already sent', you'll find a billion and 5 posts about it.

Posted: Sat Sep 23, 2006 9:39 am
by feyd
  • $HTTP_POST_VARS has been transitioned out to $_POST, unless you're using an old version of PHP.
  • By using $myusername and $mypassword without any filtration and/or transformation you may have a security hole that could allow anyone access to your site.
  • Unless you're using a fairly old version of PHP, session_register() shouldn't be called, ever.
  • header() based redirection needs full URLs to be standards compliant. Your current web server may not have a problem with them, nor may the browser you are using, but if moved to another server or someone with a different browser attempts to use this page, it may not work. A full URL starts with "http://" and so forth.