I am using an authentication system that uses php and mysql... it works fine as is, but I want to customize it a bit to add some additional functionality... currenlty, when a user logs in, cookies are created from what they enter (username and password), which I use to populate fields later when the user is filling out a series of forms... so far so good.
I want to add another cookie, using a value pulled from the authuser table, so that I can have that value available to populate a field in the later forms as well (so that the users don't have to keep inputting it with every form).
Here's what I've got (everything after //GET TEAM NAME is the code I've added to the script... ):
Code: Select all
// DB SETTINGS
$dbhost = "localhost"; // Change this to the proper DB Host name
$dbusername = "xxxx"; // Change this to the proper DB User
$dbpass = "xxxxxxxx"; // Change this to the proper DB User password
$dbname = "testing"; // Change this to the proper DB Name
// Use Sessions
// NOTE: This will store the username and password entered by the user to the cookie
// variables USERNAME and PASSWORD respectively even if the combination is correct or
// not. Be sure to authenticate every page that you want to be secured and pass as
// parameters the variables USERNAME and PASSWORD.
setcookie ("USERNAME", $_POSTї'username']);
setcookie ("PASSWORD", $_POSTї'password']);
$username = $_POSTї'username'];
// GET TEAM NAME
// this is where we get the team or usertype name for the user in order to create the cookie
$db = mysql_pconnect($dbhost, $dbusername, $dbpass);
if (!$db) {
echo( "<p>Unable to connect to the " .
"database server at this time.</p>" );
exit();
}
mysql_select_db($dbname, $db) or die( "Unable to select database");
$sql = "SELECT team FROM authuser WHERE uname = ".$username."";
$result = mysql_query ($sql, $db) or die(mysql_error());
$row = mysql_fetch_array($result);
setcookie ("USERTYPE", $row);
?>When I log in, this script is called (there's a lot more to it, that isn't relevant to this part of my problem)... and I'm getting the error:
Tester1 is the username I input in the login page.Unknown column 'Tester1' in 'where clause'
The other thought I had was to add the query to get the value for "team" at the top of each form, and pass it to the form and it's db table that way, rather than by cookie... but I'm guessing I'll have the same problem.
I've been messing around with this for a couple of hours, and it's clear I don't know enough to fix this on my own... any suggestions?
Thanks,
Scott