Page 1 of 1

my code doesnt work, please help

Posted: Tue Jul 13, 2010 4:04 am
by hetrox
<?php

$user = $_GET['usid'];
$code = $_GET['pass'];

$date = date("D M d, Y");
$time = date("G:i a");


if (Login is clicked)
{

$con = mysql_connect("localhost");
if (!$con)
{
die('CONNECTION UNAVAILABLE ' . mysql_error());
}
else
{

mysql_select_db("Attendance", $con);

$pass = mysql_query("Select PW FROM Employees
WHERE EmpID == $user");

if ( $pass == $code )
{
mysql_query("INSERT INTO Attendance (CDate, TimeIn)
VALUES ($date, $time)
WHERE (Id==$user && pass==$code);

echo "You have logged in as: " . $user . " at " . date("D M d, Y G:i a");
mysql_close($con);

}

else
{
echo "Wrong password or username, try again."
}

else
{

$con = mysql_connect("localhost");
if (!$con)
{
die('CONNECTION UNAVAILABLE ' . mysql_error());
}
else
{

mysql_select_db("Attendance", $con);

$pass = mysql_query("Select PW FROM Employees
WHERE EmpID == $user");

if ( $pass == $code )
{
mysql_query("INSERT INTO Attendance (CDate, TimeOut)
VALUES ($date $time)")
WHERE (Id==$user && pass==$code);

echo "You have logged out at " . date("D M d, Y G:i a");
mysql_close($con);

}

else
{
echo "Wrong password or username, try again."
}

}


?>




This is my code, im trying to input the login time of a user when he clicks on the login button, and to input the logout time when he logs off. it's not working please help

Re: my code doesnt work, please help

Posted: Tue Jul 13, 2010 7:03 am
by MattF
hetrox wrote: if (Login is clicked)
This is not valid PHP code, do you mean if($login == 'clicked') ?
hetrox wrote: $pass = mysql_query("Select PW FROM Employees
WHERE EmpID == $user");
Classic SQL injection problem here, make sure you mysql_real_escape_string($user)

Also you are only running a query, not getting the result from it, you need to mysql_result(mysql_query()) to get the data out.


Your main problem is that you're running a query to fetch data but not actually getting the data out of the query result