Can't get passed this if statement. Why??? can you help?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
toby_c500
Forum Commoner
Posts: 50
Joined: Fri May 11, 2007 11:29 am
Location: Leeds, England

Can't get passed this if statement. Why??? can you help?

Post by toby_c500 »

Hi,

I'm new to PHP. I am having real problems getting passed this if statement. I'm sure the answer is staring me in the face.
I think it is a problem with the mysql_query line. The if statement below keeps showing true.

Any Ideas???

Thanks in advance
Toby

-----------------------------

Code: Select all

<?php
session_start();

$links = "<a herf = 'main.php'> Click here to go back to the main page.</a><br><br><a herf = 'logout.php'> Click here to logout.</a>";

if ($loginid && $password) {
	
	if ($logged_in_user == $loginid)
		echo $loginid.", you are already logged in.<br>";
		echo $links;
		exit;
		}
  

$db = mysql_connect('xxxxxxxxxxx', 'xxxxxxxxxxx', 'xxxxxxxxxxxxxx');
  
   
   $result = mysql_query("SELECT * FROM members WHERE loginid = '".$loginid."'
   						AND password = '".$password."'");
   						
   		if (!$result) {
   			echo "Sorry, we are having technical diffuculties. We cannot enter your details.";  //<--- This line keeps showing true//
   			exit;
   			}			
  	 	if (mysql_num_rows($result) >0){
   			$logged_in_user = $loginid;
   			session_register("logged_in_user");
   			echo "<h1>Welcome '".logged_in_user."'</h1><br><br>$links";
   			exit;
   			}
   		else{
   			echo "There is no match on our records. Please try again or register as a new user";	
   			
   			}
  	 	
  	 	
?>
Weirdan| Fixed broken syntax tags
User avatar
guitarlvr
Forum Contributor
Posts: 245
Joined: Wed Mar 21, 2007 10:35 pm

Post by guitarlvr »

Where are you getting $loginid and $password from?

Wayne
User avatar
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Post by kaszu »

I assume $loginid and $password comes from $_POST and $_GET and register_globals are on.
You should code with register_globals off, because not all hosts have them enabled and in PHP 6 it will be removed.
You should filter user input (mysql_real_escape_string)

Before exit add

Code: Select all

echo mysql_error();
and post what it says.

Also viewtopic.php?t=62782&highlight=constsalt may be useful for you.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Code: Select all

error_reporting(E_ALL);
ini_set('display_errors', true);
at the beginning of your script is also a good idea.
toby_c500
Forum Commoner
Posts: 50
Joined: Fri May 11, 2007 11:29 am
Location: Leeds, England

Post by toby_c500 »

Thanks for your help guys.

I've just been reading up on 'register_globals'.

How do I use my HTML form's details (loginid and password) to check on mysql database?

The tutorials I am learning from MUST be out of date now. I follow the example and nothing seems to go right.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

if e.g. your form's method is post you use $_POST['propname'] instead of $propname, method="get" -> $_GET['propname'].

Code: Select all

<html>
  <header><title>POST test</title></head>
  <body>
<?php
if ( isset($_POST['myPassword']) ) {
  echo '<p>password: ', $_POST['myPassword'], "</p>\n";
}
?>
    <form method="post" action="?">
      <div>
        <input type="password" name="myPassword" />
        <input type="submit" />
      </div>
    </form>
  </body>
</html>
Last edited by volka on Fri May 11, 2007 2:20 pm, edited 1 time in total.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Check out the php manual page for superglobals: http://us2.php.net/manual/en/language.v ... ternal.php
Post Reply