mySQL

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Silver_Eclipse
Forum Commoner
Posts: 61
Joined: Sun Aug 18, 2002 7:26 pm

mySQL

Post by Silver_Eclipse »

say i have this date in my table
|ID|Name | Pass

1 |Name 1| Pass1
2 |Name 2| Pass2

how would i go about having it so that when they login it checks to make sure that the pass for that name is checked instead of checking the whole table for that password, because another user may have the password they enter but that password wouldnt match the one with the username entered.
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

This shall be moved to the MySQL Forum.

Code: Select all

SELECT * FROM members WHERE username = $username AND password = $password
I know there is a better way, but this is by far the easiest.
Image Image
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

Apply the code like this:-

Code: Select all

<?php
mysql_connect("localhost","username","password") or die ("Failed to establish connection with MySQL");
mysql_select_db("database") or die ("Failed to select a database");

//You should encrypt password like 
//$_POSTї'password'] = md5($_POSTї'password']);

$sql = "SELECT * FROM your_table WHERE Name = {$_POSTї'username']} AND WHERE Pass = {$_POSTї'password']}"
$result = mysql_query($sql) or die(mysql_error());

if(mysql_num_rows($result) == 0) {
  echo "Invalid Password";
}
while($row = mysql_fetch_array($result) {
  if($rowї"Name"] == $_POSTї'username'] && $rowї"Pass"] == $_POSTї'password']) {
    echo "Login Success";
  } else {
    echo "Failed to login";
  }
}
?>
Silver_Eclipse
Forum Commoner
Posts: 61
Joined: Sun Aug 18, 2002 7:26 pm

Post by Silver_Eclipse »

but if say this is their information:
Username: user99
Pass: pass99

and another users information is
Username: user_01
Pass: pass99

but user99 changes their password to pass00 and tries to login with pass99, it would still let them in because that password exists even though it isnt the one that goes with their username.

Edit:im guessing this part takes care of that:

Code: Select all

while($row = mysql_fetch_array($result) { 
  if($rowї"Name"] == $_POSTї'username'] && $rowї"Pass"] == $_POSTї'password']) { 
    echo "Login Success"; 
  } else { 
    echo "Failed to login"; 
  } 
}
let me know if i'm wrong though (and if i am right so i don't keep asking more questions).
also what is &amp for?
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

It's an HTML code... It changed it the 'AND' (&) symbol. Much like, my oh so favorite,   ( ) which is a space.
Image Image
Silver_Eclipse
Forum Commoner
Posts: 61
Joined: Sun Aug 18, 2002 7:26 pm

Post by Silver_Eclipse »

well i knew it had to be one of those symbols like that, just wanted to know what it did since i hardly ever use those (except for &nbsp heh).
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

the query string phice wrote would work.
Only records that match both conditions (username = $username AND password = $password ) will be delivered. There's no need for additional testing in php. But you should put the strings in ''.

Code: Select all

$query = "SELECT * FROM members WHERE username = '$username' AND password = '$password'";
Post Reply