form validation problem


Post by mlecho »

Hi guys... I have this dilemma... I am learning how to validate a form. Before I step into case sensitivity, I have a more pressing issue. The user names and passwords are held in a MySQL table. $un and $ps are posted to the script. Now, if the password and username match what is on the db, all is fine. If the user gets one of the two wrong, then it runs the returnToStart() function. However, if the user should type into the username field a name that is not on the db, and any random password, the script still runs as if all is fine. How do I clarify to PHP that if the username $ps is not in the db (!$info['userName']), then returnToStart()?

Code:

function getStuff($un,$ps){
	$sql="SELECT * FROM users WHERE userName='$un'";
	$res=mysql_query($sql)or die(mysql_error());
	while($info= mysql_fetch_assoc($res)){
	
		if($ps==$info['password'] && $un==$info['userName']){
		
			break;
		}else{
			returnToStart();
		}
	}
}
I have tried several variations of

Code:

if($ps!=$info['password']..
if(!$info['password']..
if(count($info['userName'])<=0)...//my most desperate attempt
none of which worked

Post by feyd »

Your while loop won't even execute if the user name doesn't exist.

mysql_num_rows() may be of interest here. Also, you should be able to check if the password matches in the query too. I also hope that your code is reasonably protected from SQL injection.
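
Added example, not code from the thread: one way to make the unknown-user case fail explicitly while keeping the user name out of the SQL text. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL table, passwords are stored as hashes, `checkLogin()` is a hypothetical replacement for `getStuff()`, and the sample user is constructed.

```php
<?php
// Added example (not from the thread). checkLogin() is a hypothetical
// replacement for getStuff(); the SQLite database and user are constructed.

function checkLogin(PDO $db, string $un, string $ps): bool
{
    // The placeholder sends $un as data, so quote characters in the
    // input cannot change the query itself.
    $stmt = $db->prepare('SELECT password FROM users WHERE userName = :un');
    $stmt->execute([':un' => $un]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // No row at all: the case the original while loop never entered,
        // so returnToStart() was never reached.
        return false;
    }

    // Assumption: the password column holds a password_hash() value,
    // so the comparison happens in PHP rather than in the query.
    return password_verify($ps, $row['password']);
}

// Constructed test database standing in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userName TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO users (userName, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);

$attempts = [
    ['alice', 's3cret'],     // correct pair
    ['alice', 'wrong'],      // known user, wrong password
    ['nobody', 'anything'],  // user name not in the table
    ["o'brien", 'x'],        // quote character is handled as plain data
];

foreach ($attempts as [$un, $ps]) {
    $result = checkLogin($db, $un, $ps) ? 'ok' : 'returnToStart()';
    printf("%-10s %s\n", $un, $result);
}
```

Only the first attempt is accepted; the other three, including the name that is not in the table, take the `returnToStart()` path.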

Post by mlecho »

feyd - something told me that you would be the one to chime in. Yeah, that worked just great. Can you refer me to a place to learn/read more about MySQL injection? Sounds like I have some learning to do.

Post by feyd »

Search around for the phrase "SQL injection."