Page 1 of 1

beginner - mysql_connect( ) question

Posted: Sun Nov 05, 2006 3:20 pm
by venadder
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


am just starting to learn PHP on my own and thought should convert on of my projects to PHP , that way will learn it in practice.
I have a problem with the following script:

Code: Select all

<?
$connection = mysql_connect( "localhost", $_POST[uid], $_POST[auth_code] );
if( $connection ){
echo"Login Successfull";
}else{
header( "login.html" );
}
?>
What i get as a result of this script is:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'cpm'@'localhost' (using password: YES) in D:\webroot\bpms\login.php on line 4

Warning: Cannot modify header information - headers already sent by (output started at D:\webroot\bpms\login.php:3) in D:\webroot\bpms\login.php on line 8

I get the above response instead of the login.html page when i provide invalid username and password.

Everything works fine if the username and password are correct, I mean the echo "login successfull" works fine.

I thought mysql_connect is supposed to return false if unsuccessfull, so why then the warning and the redirection with header fails?


thnx for help


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sun Nov 05, 2006 3:58 pm
by printf
Use the @, to kill the warning!

Code: Select all

$connection = @mysql_connect( 'localhost', 'guess', 'who' );

if( ! $connection )
{
	header ( 'Location: http://www.site.com/login.php?error=' . urlencode ( mysql_error () ) );
	exit ();
}

// continue with script login ok...

printf

Posted: Sun Nov 05, 2006 5:24 pm
by venadder
thanx a lot bro. that helped a lot

Posted: Sun Nov 05, 2006 6:14 pm
by Cameri
So anyone can open your login.php page and put in the url error=whatever%20i%20want?

No! Don't let users be able to modify the content of you page that way.
And what's worse, you shouldn't be letting the users know what error your mysql said.
That could let them know a LOT about your server, which means they can find ways to hijack into it.