beginner - mysql_connect( ) question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
venadder
Forum Newbie
Posts: 4
Joined: Sun Nov 05, 2006 3:07 pm

beginner - mysql_connect( ) question

Post by venadder »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


am just starting to learn PHP on my own and thought should convert on of my projects to PHP , that way will learn it in practice.
I have a problem with the following script:

Code: Select all

<?
$connection = mysql_connect( "localhost", $_POST[uid], $_POST[auth_code] );
if( $connection ){
echo"Login Successfull";
}else{
header( "login.html" );
}
?>
What i get as a result of this script is:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'cpm'@'localhost' (using password: YES) in D:\webroot\bpms\login.php on line 4

Warning: Cannot modify header information - headers already sent by (output started at D:\webroot\bpms\login.php:3) in D:\webroot\bpms\login.php on line 8

I get the above response instead of the login.html page when i provide invalid username and password.

Everything works fine if the username and password are correct, I mean the echo "login successfull" works fine.

I thought mysql_connect is supposed to return false if unsuccessfull, so why then the warning and the redirection with header fails?


thnx for help


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
printf
Forum Contributor
Posts: 173
Joined: Wed Jan 12, 2005 5:24 pm

Post by printf »

Use the @, to kill the warning!

Code: Select all

$connection = @mysql_connect( 'localhost', 'guess', 'who' );

if( ! $connection )
{
	header ( 'Location: http://www.site.com/login.php?error=' . urlencode ( mysql_error () ) );
	exit ();
}

// continue with script login ok...

printf
venadder
Forum Newbie
Posts: 4
Joined: Sun Nov 05, 2006 3:07 pm

Post by venadder »

thanx a lot bro. that helped a lot
User avatar
Cameri
Forum Commoner
Posts: 87
Joined: Tue Apr 12, 2005 4:12 pm
Location: Santo Domingo, Dominican Republic

Post by Cameri »

So anyone can open your login.php page and put in the url error=whatever%20i%20want?

No! Don't let users be able to modify the content of you page that way.
And what's worse, you shouldn't be letting the users know what error your mysql said.
That could let them know a LOT about your server, which means they can find ways to hijack into it.
Post Reply