MySQL Query Syntax
Posted: Sat Dec 07, 2002 9:29 am
Hi all
I want to write a user authentication script, but i'm getting an error in my PHP code. It consists of two pages, and looks like this... (NOTE!! The line numbers aren't included in my scripts. I only included them as a reference.)
{LOGIN PAGE - LOGIN.PHP}
1: <html>
2: <head>
3: <title>kamikaze's Control Panel</title>
4: </head>
5: <?php
6:
7: # Connect to the Database...
8:
9: $db = "userlist";
10: $link = mysql_connect();
11: if ( ! $link )
12: die( "Couldn't connect to MySQL" );
13: print "Successfully connected to server!
";
14: mysql_select_db( $db )
15: or die( "Couldn't open $db: ".mysql_error() );
16: print "Successfully selected Database \"$db\"
";
17:
18: # Create the User Interface...
19: ?>
20: <form action="action.php" method="POST">
21: Username: <input type="text" name="uid" />
22: Password: <input type="password" name="pwd" />
23: <input type="submit">
24: </body>
25: </html>
{PHP SCRIPT FOR USER AUTHENTICATION - ACTION.PHP}
1: <html>
2: <head>
3: <title>Authentication In Progress...</title>
4: </head>
5: <body>
6: <?php
7: $input_uid = $_POST["uid"];
8: $input_pwd = $_POST["pwd"];
9: *$query = "SELECT pwd FROM fts WHERE userid = $input_uid";
10:
11: **$db_pwd = mysql_query( $query );
12: print $db_pwd;
13: ?>
14: </body>
15: </html>
* = I need to pass the $input_uid string to the SQL query in quotes. (EX: SELECT pwd FROM fts WHERE userid = " $input_uid " ). How do i do this?
** = Is this how i can pass the pwd field from the record where userid in my table = $input_uid to the $db_pwd variable? (Better yet, does this question make any sense??!? LOL)
Once I am able to pass the pwd field to a variable in my PHP script, then i can just test it to see if it matches what the user supplied on the login form...
if $db_pwd = $input_pwd then
Set a cookie and continue to the member page.
else
Send 'em packin' back to the login to try again.
endif
(BTW, i know that the above statement probably doesn't use the correct PHP syntax. it's merely an example.)
Am i going about this the right way? Any help is greatly appreciated.
Thanks
kamikaze
I want to write a user authentication script, but i'm getting an error in my PHP code. It consists of two pages, and looks like this... (NOTE!! The line numbers aren't included in my scripts. I only included them as a reference.)
{LOGIN PAGE - LOGIN.PHP}
1: <html>
2: <head>
3: <title>kamikaze's Control Panel</title>
4: </head>
5: <?php
6:
7: # Connect to the Database...
8:
9: $db = "userlist";
10: $link = mysql_connect();
11: if ( ! $link )
12: die( "Couldn't connect to MySQL" );
13: print "Successfully connected to server!
";
14: mysql_select_db( $db )
15: or die( "Couldn't open $db: ".mysql_error() );
16: print "Successfully selected Database \"$db\"
";
17:
18: # Create the User Interface...
19: ?>
20: <form action="action.php" method="POST">
21: Username: <input type="text" name="uid" />
22: Password: <input type="password" name="pwd" />
23: <input type="submit">
24: </body>
25: </html>
{PHP SCRIPT FOR USER AUTHENTICATION - ACTION.PHP}
1: <html>
2: <head>
3: <title>Authentication In Progress...</title>
4: </head>
5: <body>
6: <?php
7: $input_uid = $_POST["uid"];
8: $input_pwd = $_POST["pwd"];
9: *$query = "SELECT pwd FROM fts WHERE userid = $input_uid";
10:
11: **$db_pwd = mysql_query( $query );
12: print $db_pwd;
13: ?>
14: </body>
15: </html>
* = I need to pass the $input_uid string to the SQL query in quotes. (EX: SELECT pwd FROM fts WHERE userid = " $input_uid " ). How do i do this?
** = Is this how i can pass the pwd field from the record where userid in my table = $input_uid to the $db_pwd variable? (Better yet, does this question make any sense??!? LOL)
Once I am able to pass the pwd field to a variable in my PHP script, then i can just test it to see if it matches what the user supplied on the login form...
if $db_pwd = $input_pwd then
Set a cookie and continue to the member page.
else
Send 'em packin' back to the login to try again.
endif
(BTW, i know that the above statement probably doesn't use the correct PHP syntax. it's merely an example.)
Am i going about this the right way? Any help is greatly appreciated.
Thanks
kamikaze