Page 1 of 1

mysql

Posted: Thu Jun 10, 2004 9:58 pm
by ol4pr0
Where did i go wrong

Code: Select all

<?php
$encrypted_password = "SELECT password FROM users WHERE login={$_REQUEST['login']}";
	if (crypt($_REQUEST['password'],$encrypted_password)==$encrypted_password)
	{
		echo ("logged in");
	}
// the following returns the right user and password..
// but no echo logged in.

echo $encrypted_password;
echo $_REQUEST['password'];



?>

Posted: Thu Jun 10, 2004 10:01 pm
by markl999
$encrypted_password = "SELECT password FROM users WHERE login={$_REQUEST['login']}";
should be
$encrypted_password = "SELECT password FROM users WHERE login='{$_REQUEST['login']}'";

and unless you didn't actually post it, i don't see where you perform the actual query and get the results with a mysql_fetch_* ?

Posted: Thu Jun 10, 2004 10:18 pm
by ol4pr0
I do see my error with getting the results back of the actual query, however adding that didnt make much differants

Also i do not see where/why, or how i should put in the fetch_

Posted: Thu Jun 10, 2004 10:24 pm
by markl999
Well you seem to want to be performing a query, "SELECT password FROM users WHERE login='{$_REQUEST['login']}'" but you never actual perform a query. E.g something like:

Code: Select all

$sql = "SELECT password FROM users WHERE login='{$_REQUEST['login']}'"; 
//connect to the db here etc..etc..
$result = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($result)){
    $row = mysql_fetch_assoc($result);
    $encrypted_password = $row['password'];
    if (crypt($_REQUEST['password'],$encrypted_password)==$encrypted_password) {
       echo 'logged in';
   } else {
        echo 'not logged in';
   }
} else {
     echo 'no rows returned from the database.';
}

Posted: Thu Jun 10, 2004 10:29 pm
by ol4pr0
I believe i understand partly how and why, i will read this a couple of times more untill i completely understand :)

thanks

Posted: Thu Jun 10, 2004 11:20 pm
by tim
what hes trying to say is:
$sql = "SELECT * FROM tim_table";

alone, is useless.

$sql = "SELECT * FROM tim_table";
$result = mysql_query($sql);

is good.