Aprelium - Forum :: View topic

SQL Issues

Aprelium Forum Index -> PHP

View previous topic :: View next topic

Author

Message

p3
-

Joined: 17 Jun 2005
Posts: 615

Posted: Thu Jan 19, 2006 4:21 pm Post subject: SQL Issues

Code:

<?php
include('header.php');
include('db_connect.php');
$username = $_POST["register_username"];
$password = $_POST["register_pass"];
$connect = mysql_connect("localhost", "*", "*");
$selectdb = mysql_select_db("p3net");
//$connect_to_db = $mysql_query($connect) or
// die ("Error - Could not connect to database.");
//$select_database = $mysql_query($selectdb) or
// die ("Error - Could not select database.");
$register = "INSERT into users ('$username', 'password', '1')";
$register_query = mysql_query($register, $connect) or
die ("Error inserting user information into database.");
if(!(!$register_query))
{
echo "You have been registered! You may now <a href='login.php'>Login</a>!";
}
include('footer.php');
?>

There's my script. Whenever I try to use it, I get the "Error inserting user information into database" thing. I can't figure out what's causing it... any ideas?

abyssisthebest
-

Joined: 30 Jun 2005
Posts: 319
Location: Boston, UK

Posted: Thu Jan 19, 2006 4:25 pm Post subject:

Code:

$register = "INSERT into users ('$username', 'password', '1')";

shouldn't this be

Code:

$register = "INSERT into users ('$username', '$password', '1')";

MonkeyNation
-

Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Thu Jan 19, 2006 5:06 pm Post subject:

You could use the mysql_error() php function to see what went wrong.
But, why don't you try modeling your SQL on this:

Code:

INSERT INTO users VALUES ('username', 'password', '1');

_________________

p3
-

Joined: 17 Jun 2005
Posts: 615

Posted: Fri Jan 20, 2006 2:56 am Post subject:

Thanks guys, that worked well! Now, another problem :D

Code:

<?php
include('header.php');
$connect = mysql_connect("localhost", "*", "*");
$selectdb = mysql_select_db("p3net");
$username=$_POST["p3net_username"];
$password=$_POST["p3net_password"];
$find_user = "Select * FROM users WHERE user_name is '$username' AND user_pass is '$password'";
$login_user = mysql_query($find_user) or
die (mysql_error());
if(!($login_user))
{
echo "Access is Denied!";
}
else
{
header('Location: /members');
setcookie('loggedin','true');
setcookie('username',$username);
setcookie('user_level', '1');
}
include('footer.php');
?>

This is a login script. It is supposed to retrieve the username and password of the username that logged in. If the username or password are wrong, it should return an error. Instead, it tells me I have an error in my syntax in the Select * FROM users WHERE user_name is '$username' AND user_pass is '$password' query (it fills in everything with my username and pass, but I'm not gonna post them)

MonkeyNation
-

Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Fri Jan 20, 2006 5:40 am Post subject:

Code:

SELECT * FROM users WHERE user_name = 'username' AND user_pass = 'password';

And please god read this.
_________________

p3
-

Joined: 17 Jun 2005
Posts: 615

Posted: Fri Jan 20, 2006 3:57 pm Post subject:

p3 wrote:

Thanks guys, that worked well! Now, another problem :D

Code:

Got everything working now. But one question. What do you think would be the best way to implement a method so that it doesn't allow you to login even if your username/password are wrong/nonexistent?

p3
-

Joined: 17 Jun 2005
Posts: 615

Posted: Sat Jan 21, 2006 2:17 am Post subject:

Anyone...

MonkeyNation
-

Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Sat Jan 21, 2006 2:40 am Post subject:

Code:

if (mysql_num_rows($login_user) > 0)
echo "Hay sup?";
else
echo "No thanks.";

_________________

p3
-

Joined: 17 Jun 2005
Posts: 615

Posted: Sat Jan 21, 2006 3:03 am Post subject:

Still doesn't work... I expect it has something to do with the ''s.

Code:

<?php
include('header.php');
$connect = mysql_connect("localhost", "p3", "");
$selectdb = mysql_select_db("p3net");
$username=$_POST["p3net_username"];
$password=$_POST["p3net_password"];
$rememberme=$_POST["p3net_rememberme"];
$find_user = "Select * FROM users WHERE user_name '/=/' /'$username/' and user_password /'=/' /'$password/'";
$login_user = mysql_query($find_user) or
die (mysql_error());
if (mysql_num_rows($login_user) > 0)
{
header('Location: /members');
setcookie('loggedin','true');
setcookie('username',$username);
setcookie('user_level', '1');
}
else
{
echo "Username/Password incorrect.";
}
include('footer.php');
?>

Last edited by p3 on Sat Jan 21, 2006 3:04 pm; edited 1 time in total

MonkeyNation
-

Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Sat Jan 21, 2006 4:38 am Post subject:

Are those slashes you trying to escape your input?
>You've escaped the wrong thing.
>You've used the wrong slashes.

Code:

<?php
include('header.php');
$connect = mysql_connect("localhost", "p3", I assume you didn't mean to enter your password here?);
$selectdb = mysql_select_db("p3net");
$username=$_POST["p3net_username"];
$password=$_POST["p3net_password"];
$rememberme=$_POST["p3net_rememberme"];
$find_user = "Select * FROM users WHERE user_name = '".addslashes($username)."' and user_password = '".addslashes($password)."'";
$login_user = mysql_query($find_user) or
die (mysql_error());
if (mysql_num_rows($login_user) > 0)
{
header('Location: /members');
setcookie('loggedin','true');
setcookie('username',$username);
setcookie('user_level', '1');
}
else
{
echo "Username/Password incorrect.";
}
include('footer.php');
?>

_________________

Display posts from previous:

	Aprelium Forum Index -> PHP	All times are GMT + 1 Hour
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Abyss Web Server

Install...
- PHP
- Perl
- ASP.NET
- "Classic" ASP
- Ruby On Rails

Get Help...

Company

Keep in Touch
- News
- Mailing List
- @abyssws on