Page 1 of 1

Database question

Posted: Sun Apr 10, 2005 2:58 pm
by jonathandg
This code takes a record and looks if the password matches the POST-password.
I was now wondering how I could take data from the record.
I was trying $login_info["firstname"],
but it doesn't work :(
Well I hope you guys can help me here's the code :

Code: Select all

$provided_username = $_POST['username'];
$select_login = "SELECT password FROM users WHERE username = '$provided_username'";
$query_login = mysql_query($select_login, $db_connection);
$login_info = mysql_fetch_array($query_login);
if ($_POST['password'] != $login_info["password"])
{
 HERE SHOULD BE THE EVENTS
}

Posted: Sun Apr 10, 2005 3:27 pm
by Chris Corbyn
How come you've negated your condition?

Anyway, what you're doing is right... provided it's pulling the expected data from the database then it will work.

Try:

Code: Select all

print_r($login_info);
and check if it's what you were expecting :wink:

Posted: Sun Apr 10, 2005 4:08 pm
by John Cartwright
Generally its done like this

Code: Select all

$provided_username = $_POST['username'];

$result = mysql_query("SELECT password FROM users WHERE username = '$provided_username' LIMIT 1");

if (mysql_num_rows($result) == 1)
{
     //now fetch the array if user is valid
     $login_info = mysql_fetch_assoc($result);

     print_r($login_info);

}
I suggest you also sanitize $provided_username. Check to make sure it contains letters and numbers only. A quick search of these boards I'm sure you can find many examples.

Generally its done this way