MySQL Query Syntax

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
kamikaze
Forum Newbie
Posts: 1
Joined: Sat Dec 07, 2002 9:29 am

MySQL Query Syntax

Post by kamikaze »

Hi all :)

I want to write a user authentication script, but i'm getting an error in my PHP code. It consists of two pages, and looks like this... (NOTE!! The line numbers aren't included in my scripts. I only included them as a reference.)

{LOGIN PAGE - LOGIN.PHP}

1: <html>
2: <head>
3: <title>kamikaze's Control Panel</title>
4: </head>
5: <?php
6:
7: # Connect to the Database...
8:
9: $db = "userlist";
10: $link = mysql_connect();
11: if ( ! $link )
12: die( "Couldn't connect to MySQL" );
13: print "Successfully connected to server!

";
14: mysql_select_db( $db )
15: or die( "Couldn't open $db: ".mysql_error() );
16: print "Successfully selected Database \"$db\"

";
17:
18: # Create the User Interface...
19: ?>
20: <form action="action.php" method="POST">
21: Username: <input type="text" name="uid" />
22: Password: <input type="password" name="pwd" />
23: <input type="submit">
24: </body>
25: </html>

{PHP SCRIPT FOR USER AUTHENTICATION - ACTION.PHP}

1: <html>
2: <head>
3: <title>Authentication In Progress...</title>
4: </head>
5: <body>
6: <?php
7: $input_uid = $_POST["uid"];
8: $input_pwd = $_POST["pwd"];
9: *$query = "SELECT pwd FROM fts WHERE userid = $input_uid";
10:
11: **$db_pwd = mysql_query( $query );
12: print $db_pwd;
13: ?>
14: </body>
15: </html>
* = I need to pass the $input_uid string to the SQL query in quotes. (EX: SELECT pwd FROM fts WHERE userid = " $input_uid " ). How do i do this?
** = Is this how i can pass the pwd field from the record where userid in my table = $input_uid to the $db_pwd variable? (Better yet, does this question make any sense??!? LOL)

Once I am able to pass the pwd field to a variable in my PHP script, then i can just test it to see if it matches what the user supplied on the login form...

if $db_pwd = $input_pwd then
Set a cookie and continue to the member page.
else
Send 'em packin' back to the login to try again.
endif

(BTW, i know that the above statement probably doesn't use the correct PHP syntax. it's merely an example.)

Am i going about this the right way? Any help is greatly appreciated.

Thanks

kamikaze
f1nutter
Forum Contributor
Posts: 125
Joined: Wed Jun 05, 2002 12:08 pm
Location: London

Post by f1nutter »

OK, line 9:

Code: Select all

<?php
$query = "SELECT pwd FROM fts WHERE userid ='".$input_uid."'";
// thats equals, single quote, double quote, period, variable, period, double quote, single quote, double quote.
?>
Note the colour change as the string stops, then the variable, which will be the real value, then back to a string. All concatenated together as a string.

Line 11:

You need to execute the query to get the result from the table.

Code: Select all

<?php
$result = mysql_query($query); // run the query
$row = mysql_fetch_assoc($result); // get the first row of the results
$db_pwd = $row["pwd"]; // assign the variable the value of entry pwd from the row array.
?>
You could use the database to test the password if you wish instead.
Post Reply