Page 1 of 1

Not sure I'm connecting.

Posted: Thu Dec 11, 2008 1:13 am
by pauls74462
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


I'm having problems getting information from MySQL. Do I have an error here. I have googled about select and I can't find the error.

Code: Select all

$link2 = mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
 
 
mysql_select_db($dbname) or die(mysql_error());
 
$Username = $_POST['username'];
$Password = $_POST['password'];
 
$query = "select * from $table where 'usersname' = $username and 'password' = $password";
 
$result = mysql_query($query);
 
// Make sure you actually get a result:
 
if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
 
//    include "login.html";
echo "Bad login";
} else {
    $_SESSION['username'] = "$username";
//    include "memberspage.php";
echo "Good login";
}

~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.

Re: Not sure I'm connecting.

Posted: Thu Dec 11, 2008 10:36 am
by pauls74462
pauls74462 wrote:I'm having problems getting information from MySQL. Do I have an error here. I have googled about select and I can't find the error.

Code: Select all

$link2 = mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
 
 
mysql_select_db($dbname) or die(mysql_error());
 
$Username = $_POST['username'];
$Password = $_POST['password'];
 
$query = "select * from $table where 'usersname' = $username and 'password' = $password";
 
$result = mysql_query($query);
 
// Make sure you actually get a result:
 
if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
 
//    include "login.html";
echo "Bad login";
} else {
    $_SESSION['username'] = "$username";
//    include "memberspage.php";
echo "Good login";
}
Let me rephrase it.

I know I connecting because I can pit information in the db, what I can't do is fetch information from the db.

Re: Not sure I'm connecting.

Posted: Thu Dec 11, 2008 2:15 pm
by pickle
Your query is foobard. You don't quote column names like that (use the backtick if you want: ` ), you need to quote the values you're testing for, and you spelled you 'username' field wrong.

Also, you should NEVER put unsanitized user-supplied information in a query. What would happen if I typed my username as:

Code: Select all

'';delete from users;
You should also NEVER store plain text passwords. The easiest solution is to store a hashed version of the password, then run whatever the user types in as their password through that same has function, & check if the resulting hashes match.