How to Assign a variable using a select statement

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

How to Assign a variable using a select statement

Post by oscardog »

Well, i current have this:

Code: Select all

$query = "SELECT * FROM members WHERE password = '$password'";
$result1 = mysql_query($query) or die("Can't execute insert query: " . mysql_error());
$row = mysql_fetch_array($result1);
$passwordcheck = $row['password'];
But it doesnt assign the value, it is left blank when i test it using an echo.

I know its CLOSE to being right, or im pretty sure its close. Anyone?

Thanks
User avatar
Jaxolotl
Forum Contributor
Posts: 137
Joined: Mon Nov 13, 2006 4:19 am
Location: Argentina and Italy

Re: How to Assign a variable using a select statement

Post by Jaxolotl »

First of all, be careful because your code is far far insecure. Make a search of sqlIngjection
Then take a look @ http://www.php.net/mysql_real_escape_string mysql_real_escape_string()

now take a look @ your code

Code: Select all

 
//Assuming $password is a POST info string and is already posted
$password = (string)$_POST['password'];
 
$query = "SELECT * FROM `members` WHERE `password`  = '".$password."' ";
// are you shure you want to retrieve al inf from that member using * ? I suggest to ask only what you need
 
 $result1 = mysql_query($query) or die("Can't execute insert query: " . mysql_error());
$row = mysql_fetch_array($result1);
$passwordcheck = $row['password'];
 
try something like that

by the way, are you storing password as unencrypted plain text? beware man
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: How to Assign a variable using a select statement

Post by oscardog »

Thanks for the help, will try it in a second. And that was a segment code code just to retrieve the data, it does all the injections and md5'ing elsewhere in the scipt ;)

Also should i do the injections(stripslashes etc) before or after that query?
Last edited by oscardog on Tue Nov 04, 2008 9:59 am, edited 1 time in total.
User avatar
Jaxolotl
Forum Contributor
Posts: 137
Joined: Mon Nov 13, 2006 4:19 am
Location: Argentina and Italy

Re: How to Assign a variable using a select statement

Post by Jaxolotl »

Bravo ;)
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: How to Assign a variable using a select statement

Post by oscardog »

Code: Select all

<?php
if(isset($_POST['submit'])){
 
if (!$_POST['username'] | !$_POST['password'])
{
die('You did not complete all the required fields. Please go to the <a href="login.php">login page</a>');
}
 
include("connection.php");
 
$username=$_POST['username']; 
$password=$_POST['password'];
 
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password = md5($password);
$query = "SELECT * FROM `members` WHERE `password`  = '".$password."' ";
$result1 = mysql_query($query) or die("Can't execute insert query: " . mysql_error());
$row = mysql_fetch_array($result1);
$passwordcheck = $row['password'];
$passwordcheck = stripslashes($passwordcheck);
 
$sql = "SELECT * FROM members WHERE username='$username' and password='$password'";
$result2 = mysql_query($sql);
 
$count=mysql_num_rows($result2);
echo "Hello2";
echo $password;
echo "hello";
echo $passwordcheck;
echo $count;
if($count == 1 && $password == $passwordcheck) {
session_register("username");
header('location: guild_registration.php');
}
there is an else statement, but i cba to put it up...
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: How to Assign a variable using a select statement

Post by oscardog »

Yeh it doesnt give the password to the variable*
lettie_dude
Forum Commoner
Posts: 65
Joined: Thu Dec 07, 2006 10:10 am

Re: How to Assign a variable using a select statement

Post by lettie_dude »

Try adding MYSQL_ASSOC

Code: Select all

mysql_fetch_array($result1, MYSQL_ASSOC);
Im also assuming you md5 the passwords when you entered them into the database, otherwise your query will always return false.
Post Reply