Page 1 of 2

Why oh Why??

Posted: Mon Nov 21, 2005 7:32 am
by Munky
Hi Guys,

I'm a complete Newbie but I have used PHP quite a bit recently..

I have made a database and I am try to use a Log In page..

I pass the username and password via a form to this page, but all i do is get a blank page...?

the connection is working so it is seeing my database... :(

Also how do i make it display a different page if the password or username is incorrect?

Code: Select all

<body>
<?
include 'vars.php';

$membername=$_GET['membername'];
$password=$_GET['password'];

$link = mysql_connect('localhost', $user, $pass);
if (!$link) {
   die('Could not connect: ' . mysql_error());
}

@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM profileinfo WHERE membername=$membername AND password=$password";
$result=mysql_query($query);

echo "<b><center>Your Account</center></b><br><br>";

$membername=mysql_result($result,"membername");
$email

echo "<b>$membernumber</b><br><b>$email</b><br><a href='edit_account.php?membernumber=$membernumber'>edit</a><hr><br>";

mysql_close($link);
?>
 
</body>
</html>

Posted: Mon Nov 21, 2005 7:50 am
by malcolmboston
replace

Code: Select all

@mysql_select_db($database) or die( "Unable to select database"); 
$query="SELECT * FROM profileinfo WHERE membername=$membername AND password=$password"; 
$result=mysql_query($query);
with

Code: Select all

mysql_select_db($database) or die(mysql_error()); 
$query="SELECT * FROM profileinfo WHERE membername=$membername AND password=$password"; 
$result=mysql_query($query) or die (mysql_error());
also your coding is a bit untidy, would help if you sorted that out as well, also short tags (<?) is not recommended

Posted: Mon Nov 21, 2005 7:50 am
by twigletmac
The first thing you need to do is add the following lines at the top of the code:

Code: Select all

ini_set('display_errors', 1);
error_reporting(E_ALL);
this should allow you to see the syntax error that PHP is trying to report :)

Mac

Posted: Mon Nov 21, 2005 7:57 am
by Munky
hmm, ok, done all those changes and still get nothing,

so how can i check that the info from the form is actually being passed.

I tried all these

Code: Select all

<?PHP

echo $membername ):

?>
--------------

Code: Select all

<?PHP

echo '$membername' ):

?>
--------------

Code: Select all

<?PHP

echo "$membername" ):

?>
but this just displays a blank page :(

Oh im so confused..

Posted: Mon Nov 21, 2005 8:11 am
by twigletmac
OK - if you change:

Code: Select all

$membername=mysql_result($result,"membername");
$email
to

Code: Select all

$membername=mysql_result($result,"membername");
//$email commented out because it was causing a parse error
then you should hopefully see some output.

Next thing - what method are you using in the form? POST or GET?

Mac

Posted: Mon Nov 21, 2005 8:16 am
by Munky
Its a POST on the actual form,

Basically I've started again, and I have this

Code: Select all

<?PHP

ini_set('display_errors', 1); 
error_reporting(E_ALL);

$_POST["membername"] 

echo "$membername" ):

?>
Completely new blank page, and the form POST is membername and password.
all i want to do i find out why the result page cannot see my membername being passed?

Posted: Mon Nov 21, 2005 8:21 am
by twigletmac
In this line:

Code: Select all

echo "$membername" ):
you've got an extraneous ) and use a colon instead of a semi-colon - try:

Code: Select all

echo $membername;
Also, instead of:

Code: Select all

$_POST["membername"]
you need to do:

Code: Select all

$membername = $_POST['membername'];
Mac

Posted: Mon Nov 21, 2005 8:28 am
by Munky
Ok, so im feeling fairly stupid now...

i have

Code: Select all

<?PHP

ini_set('display_errors', 1); 
error_reporting(E_ALL);

$membernumber = $_POST['membername'];

echo $membername;

?>
and its working!! thank you!!

I will now try to add this to my initial request...

Posted: Mon Nov 21, 2005 8:32 am
by malcolmboston
[cough]
Look...

Code: Select all

$membernumber = $_POST['membername']; 

echo $membername;
[/cough]

lol, ur gonna have fun with regex :P

Posted: Mon Nov 21, 2005 8:33 am
by Munky
malcolmboston wrote:[cough]
Look...

Code: Select all

$membernumber = $_POST['membername']; 

echo $membername;
[/cough]

lol, ur gonna have fun with regex :P
Doh!! Thought i editted before anyone spotted that lol!!!

Posted: Mon Nov 21, 2005 8:39 am
by Munky

Code: Select all

<?PHP

//error check

ini_set('display_errors', 1); 
error_reporting(E_ALL);

//list the fields coming from the form

$membername = $_POST['membername'];
$password = $_POST['password'];

include 'vars.php';

$link = mysql_connect('localhost', $user, $pass);
if (!$link) {
   die('Could not connect: ' . mysql_error());
}

mysql_select_db($database) or die(mysql-error()); 
$query="SELECT * FROM profileinfo WHERE membername=$membername AND password=$password"; 
$result=mysql_query($query) or die (mysql_error());

echo "<b><center>Your Account</center></b><br><br>";

$membername=mysql_result($result,"membername");
$membernumber=mysql_result($result,"membernumber");
$email=mysql_result($result,"email");

echo "<b>$membernumber</b><br><b>$email</b><br><a href='edit_account.php?membernumber=$membernumber'>edit</a><hr><br>";

mysql_close($link);
?>
gives

Code: Select all

You have an error in your SQL syntax near '' at line 1

Posted: Mon Nov 21, 2005 8:55 am
by twigletmac
Try adding some quotes around the strings in the SQL statement, so:

Code: Select all

$query="SELECT * FROM profileinfo WHERE membername = '$membername' AND password = '$password'";
instead of:

Code: Select all

$query="SELECT * FROM profileinfo WHERE membername=$membername AND password=$password";
Mac

Posted: Mon Nov 21, 2005 8:59 am
by Munky
ok tried it again with a working username and password.. and i got

Code: Select all

Unknown column 'munky' in 'where clause'
urm?

my username is "munky"

any ideas and where can i put the "username incorrect?" page

Posted: Mon Nov 21, 2005 9:01 am
by Munky
ok, yeah the ' ' did the job, thank you :)

but, this doesnt appear to work?

$membername=mysql_result($result,"membername");
$membernumber=mysql_result($result,"membernumber");
$email=mysql_result($result,"email");

i also changed the membername to LIKE

Code: Select all

$query="SELECT * FROM profileinfo WHERE membername LIKE '$membername' AND password = '$password'";
as i am allowing uppercase and lowercase usernames...

Posted: Mon Nov 21, 2005 9:19 am
by twigletmac
instead of:

Code: Select all

echo "<b><center>Your Account</center></b><br><br>";

$membername=mysql_result($result,"membername");
$membernumber=mysql_result($result,"membernumber");
$email=mysql_result($result,"email");

echo "<b>$membernumber</b><br><b>$email</b><br><a href='edit_account.php?membernumber=$membernumber'>edit</a><hr><br>";
try

Code: Select all

// first test to make sure there was a result
if (mysql_num_rows($result) == 1) {
	echo "<b><center>Your Account</center></b><br><br>";

	// get the whole result of the query into an array
	$row = mysql_fetch_assoc($result);

	// set each individual variable
	$membername   = $row['membername'];
	$membernumber = $row['membernumber'];
	$email        = $row['email'];

	echo "<b>$membernumber</b><br><b>$email</b><br><a href='edit_account.php?membernumber=$membernumber'>edit</a><hr><br>";
} else {
	// what gets displayed if there is no result found
	echo '<b>Member details not found.</b>';
}
Mac