PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
For future posting reference, please use the special BBcode tags to enclose code that you post, as I have edited your post, below. This being PHP code, use [ php ] ... [ /php ] around your code (without the spaces). Also, eliminate multiple blank lines that only make your code longer. Your questions will receive much more attention when they are not so difficult to read. -Moderator
Hallo
I would like to build in a code that checks if the user has put in the right details. If i put in this code then it shows the sql code, instead of desplaying the webpage. Can somebody please help me? Here is the login code and the validating code follows.
If your raw SQL appears in the browser, it is because you have made a mistake in your PHP syntax, perhaps missing a double quotes or something, so the web server doesn't recognize it as code, but rather something to be sent to the browser.
As for integrating your validation code into the main script (which is what I think you are asking for), there are lots of ways to do that, so you'll have to hope that someone has an hour or two to spend figuring out what your script is all about and then rewriting it all for you and testing it. Good luck.
your problem that i see so far is in the script
Validating/or checking code/test code
On line 8 you have $password_query = blah
Then on line 12 directly after the query you have 'echo $password_query'
That is your problem, you aren't running mysql_query($password_query) and just echoing the variable password_query instead!
Like i said, that's all i see so far, if it doesn't work then i'll look through the rest, but for now that's your lot due to tiredness!
it is because you have made a mistake in your PHP syntax, perhaps missing a double quotes or something, so the web server doesn't recognize it as code, but rather something to be sent to the browser.
I don't want to seem too out of my depth with this because I am only a new guy at programming PHP (although experienced in other other languages so understand the structure) but the only way a PHP script can enter text in to the html environment is either through an ECHO/PRINT request or through some form of function error debug display, which would make it impossible to pronounce a single line of code, or even a whole list of errors unless the php server was configured to do so (which unless it's a test server is very rare). Are you thinking about how html works?
I don't want to seem too out of my depth with this because I am only a new guy at programming PHP (although experienced in other other languages so understand the structure) but the only way a PHP script can enter text in to the html environment is either through an ECHO/PRINT request or through some form of function error debug display, which would make it impossible to pronounce a single line of code, or even a whole list of errors unless the php server was configured to do so (which unless it's a test server is very rare)!
PHP is a web server preprocessing language, and the web server will send to the browser absolutely everything that it doesn't recognize as PHP code or HTML tags (or Javascript, etc.). So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
But in my own personal experience, using an apache, php, mysql and smtp capable test server ALWAYS (including web hosts too) give you a blank page if ANY syntax is wrong, UNLESS your php debug settings are active but that doesn't happen on a web host's config and is not default on apache or php installations.
So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
But in my own personal experience, using an apache, php, mysql and smtp capable test server ALWAYS (including web hosts too) give you a blank page if ANY syntax is wrong, UNLESS your php debug settings are active but that doesn't happen on a web host's config and is not default on apache or php installations.
Only if it recognizes it as PHP. Try using < ?php (extra space in tag) and see what comes out.
between < and ? at the beginning = true but otherwise false, the man did not say it revealed all, only the query he input. if you do not miss out the space between < and ? it will not reveal the code in any case except debug enabled ini's, but is a mistake very rarely made (especially if you use a php recognisition editor) if at all.
8ennett wrote:between < and ? at the beginning = true but otherwise false, the man did not say it revealed all, only the query he input. if you do not miss out the space between < and ? it will not reveal the code in any case except debug enabled ini's, but is a mistake very rarely made (especially if you use a php recognisition editor) if at all.
You've made a good point. Actually, there are a few other specific mistakes that can cause the same behavior, like missing the beginning bracket, but I admit that these are not common situations and if you use an editor that parses and color codes, you should easily spot it. Anyway, it was the first thing that occurred to me when he said that he was seeing raw SQL in his browser. If the web server doesn't recognize something as being within a php block and there's no actual php syntax error detected, it will render it as text. So I guess that boils down to a mangled opening php tag, a smaller exposure than my first comment would justify. Thanks for the discussion.
## EDIT ## Like i've said before I'm only a newbie and it's these types of debates that help me, so don't think of me as arrogant, just think of me as someone trying to learn more!