~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums to learn how to do it too.
I'm having problems getting information from MySQL. Do I have an error here. I have googled about select and I can't find the error.
$link2 = mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$Username = $_POST['username'];
$Password = $_POST['password'];
$query = "select * from $table where 'usersname' = $username and 'password' = $password";
$result = mysql_query($query);
// Make sure you actually get a result:
if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
// include "login.html";
echo "Bad login";
} else {
$_SESSION['username'] = "$username";
// include "memberspage.php";
echo "Good login";
}
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums to learn how to do it too.
Your query is foobard. You don't quote column names like that (use the backtick if you want: ` ), you need to quote the values you're testing for, and you spelled you 'username' field wrong.
Also, you should NEVER put unsanitized user-supplied information in a query. What would happen if I typed my username as:
You should also NEVER store plain text passwords. The easiest solution is to store a hashed version of the password, then run whatever the user types in as their password through that same has function, & check if the resulting hashes match.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.