 |  |  |  |  |  |  |  |
mysql_num_rows warning
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
Hi!
I'm doing a small website with some mysql and php, and have difficulties with doing a login site. I have the form sending the username and password, and this site should check them.
Here's the code:
[php]
<?php
session_start();
if(!($connection = mysql_connect("host","user","pass")))
die("Can't connect to database.");
if(!(mysql_select_db("db", $connection)))
die("ERROR ".mysql_errno($connection)."-". mysql_error($connection));
if(isset($_POST["username"]) AND isset($_POST["password"])) {
$uname = $_POST["username"];
$pword = $_POST["password"];
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}
else {
$datas = mysql_fetch_assoc($loginresult);
$uid2 = $datas["UserID"];
$uname2 = $datas["Username"];
$pword2 = $datas["Userpassword"];
$artist2 = $datas["Artist"];
$moderator2 = $datas["Moderator"];
$_SESSION["userid"] = $uid2;
$_SESSION["username"] = $uname2;
$_SESSION["password"] = $pword2;
$_SESSION["artist"] = $artist2;
$_SESSION["moderator"] = $moderator2;
}
}
?>
[/php]
This php page is included in every page on the site. Some variables may be named badly, ignore them. Just help me, please?
I'm doing a small website with some mysql and php, and have difficulties with doing a login site. I have the form sending the username and password, and this site should check them.
Here's the code:
[php]
<?php
session_start();
if(!($connection = mysql_connect("host","user","pass")))
die("Can't connect to database.");
if(!(mysql_select_db("db", $connection)))
die("ERROR ".mysql_errno($connection)."-". mysql_error($connection));
if(isset($_POST["username"]) AND isset($_POST["password"])) {
$uname = $_POST["username"];
$pword = $_POST["password"];
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}
else {
$datas = mysql_fetch_assoc($loginresult);
$uid2 = $datas["UserID"];
$uname2 = $datas["Username"];
$pword2 = $datas["Userpassword"];
$artist2 = $datas["Artist"];
$moderator2 = $datas["Moderator"];
$_SESSION["userid"] = $uid2;
$_SESSION["username"] = $uname2;
$_SESSION["password"] = $pword2;
$_SESSION["artist"] = $artist2;
$_SESSION["moderator"] = $moderator2;
}
}
?>
[/php]
This php page is included in every page on the site. Some variables may be named badly, ignore them. Just help me, please?
•
•
Join Date: Sep 2006
Posts: 84
Reputation: 
Solved Threads: 4
Junior Poster in Training
[php]
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}
[/php]
You can try to modify the coding above as below. See whether it works or not.
[php]
$loginquery = mysql_query("SELECT * FROM Users WHERE Username = '$uname' AND Password = '$pword' ORDER BY UserID");
if (!$loginquery){$error="Query problem";}
if (mysql_num_rows($loginquery) != 1){
$error .= "Username / password error!";
}
[/php]
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}
[/php]
You can try to modify the coding above as below. See whether it works or not.
[php]
$loginquery = mysql_query("SELECT * FROM Users WHERE Username = '$uname' AND Password = '$pword' ORDER BY UserID");
if (!$loginquery){$error="Query problem";}
if (mysql_num_rows($loginquery) != 1){
$error .= "Username / password error!";
}
[/php]
Still not working. Does anyone have any idea what the problem is? I really should get this done quite soon and thought it would be easy, since I've done a similar site previously and had no problems... Pretty please?
FIXED IT! :mrgreen:
Or actually didn't fix it, just did something else. Here's the code if someone's wondering.
Before:
[php]
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}
else {
$datas = mysql_fetch_assoc($loginresult);
$uid2 = $datas["UserID"];
$uname2 = $datas["Username"];
$pword2 = $datas["Userpassword"];
$artist2 = $datas["Artist"];
$moderator2 = $datas["Moderator"];
$_SESSION["userid"] = $uid2;
$_SESSION["username"] = $uname2;
$_SESSION["password"] = $pword2;
$_SESSION["artist"] = $artist2;
$_SESSION["moderator"] = $moderator2;
}
[/php]
After:
[php]
$loginquery = "SELECT * FROM Users ORDER BY UserID";
$loginresult = mysql_query($loginquery);
while($row = mysql_fetch_assoc($loginresult)){
if($row[Username]==$uname && $row[Userpassword]==$pword){
$_SESSION["userid"] = $row[UserID];
$_SESSION["username"] = $row[Username];
$_SESSION["password"] = $row[Userpassword];
$_SESSION["artist"] = $row[Artist];
$_SESSION["moderator"] = $row[Moderator];
}
}
[/php]
Or actually didn't fix it, just did something else. Here's the code if someone's wondering.
Before:
[php]
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}
else {
$datas = mysql_fetch_assoc($loginresult);
$uid2 = $datas["UserID"];
$uname2 = $datas["Username"];
$pword2 = $datas["Userpassword"];
$artist2 = $datas["Artist"];
$moderator2 = $datas["Moderator"];
$_SESSION["userid"] = $uid2;
$_SESSION["username"] = $uname2;
$_SESSION["password"] = $pword2;
$_SESSION["artist"] = $artist2;
$_SESSION["moderator"] = $moderator2;
}
[/php]
After:
[php]
$loginquery = "SELECT * FROM Users ORDER BY UserID";
$loginresult = mysql_query($loginquery);
while($row = mysql_fetch_assoc($loginresult)){
if($row[Username]==$uname && $row[Userpassword]==$pword){
$_SESSION["userid"] = $row[UserID];
$_SESSION["username"] = $row[Username];
$_SESSION["password"] = $row[Userpassword];
$_SESSION["artist"] = $row[Artist];
$_SESSION["moderator"] = $row[Moderator];
}
}
[/php]
Instead of:
[php]
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}[/php]
Try this:
[php]
$loginquery = mysql_query("SELECT * FROM Users WHERE Username = '".$uname."' AND Password = '".$pword."' ORDER BY UserID");
if (!$loginquery){$error="Query problem";}
if (mysql_num_rows($loginquery) != 1){
$error .= "Username / password error!";
}[/php]
Or, change the !=1 to <1 as there shouldn't be more than two usernames that are the same.
The other way is to go through phpMyAdmin and paste it into SQL Query. It (usually) tells you the why it won't work, or at least where it thinks the error is.
Thanks for putting up your work around.
[php]
$loginquery = "SELECT * FROM Users WHERE Username = '{$uname}' AND Password = '{$pword}' ORDER BY UserID";
if(!$loginresult = mysql_query($loginquery, $connection))
$error = "No connection.";
if (mysql_num_rows($loginresult) != 1){
$error .= "Username / password error!";
}[/php]
Try this:
[php]
$loginquery = mysql_query("SELECT * FROM Users WHERE Username = '".$uname."' AND Password = '".$pword."' ORDER BY UserID");
if (!$loginquery){$error="Query problem";}
if (mysql_num_rows($loginquery) != 1){
$error .= "Username / password error!";
}[/php]
Or, change the !=1 to <1 as there shouldn't be more than two usernames that are the same.
The other way is to go through phpMyAdmin and paste it into SQL Query. It (usually) tells you the why it won't work, or at least where it thinks the error is.
Thanks for putting up your work around.
Last edited by sunflowerz; Sep 30th, 2006 at 3:03 am. Reason: code blocks didn't quite work...oops! :)
...and why using AND operator, not use && operator?
Đường đời sóng gió anh không sợ
Chỉ sợ ngày về thiếu bóng em
Chỉ sợ ngày về thiếu bóng em
•
•
•
•
Originally Posted by itanium7000 
...and why using AND operator, not use && operator?
•
•
Join Date: Jul 2004
Posts: 494
Reputation:
Solved Threads: 21
Posting Pro in Training
Yes, && is evaluated first.
From: http://us2.php.net/manual/en/language.operators.php
The next comment also points out that relying on order of operations is a good way to produce bugs and errors.
From: http://us2.php.net/manual/en/language.operators.php
•
•
•
•
09-Jun-2004 05:58
of course this should be clear, but i think it has to be mentioned espacially:
AND is not the same like &&
for example:
<?php $a && $b || $c; ?>
is not the same like
<?php $a AND $b || $c; ?>
the first thing is
(a and b) or c
the second
a and (b or c)
'cause || has got a higher priority than and, but less than &&
of course, using always [ && and || ] or [ AND and OR ] would be okay, but than you should at least respect the following:
<?php $a = $b && $c; ?>
<?php $a = $b AND $c; ?>
the first code will set $a to the result of the comparison $b with $c, both have to be true, while the second code line will set $a like $b and THAN - after that - compare the success of this with the value of $c
maybe usefull for some tricky coding and helpfull to prevent bugs
greetz, Warhog
www.uncreativelabs.net
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
Just a quick thought, you are not filtering any input from the login form. If I happened to put my user name as (delete * from users where 1), all of your user information would dissappear.
I suggest that you run your input data through at least htmlentities, this would convert the perens and astrix to their ascii equivilent.
Also, just semantics, you could put your data into an array and then store that array in the $_SESSION
Just one of many ways to do this.
I suggest that you run your input data through at least htmlentities, this would convert the perens and astrix to their ascii equivilent.
Also, just semantics, you could put your data into an array and then store that array in the $_SESSION
if (isset($_POST['username']) && !empty($_POST['password'])) {
$user = array(
'uname' = htmlentities($_POST['username']),
'pswd' = htmlentities($_POST['password'])
);
$sql = "SELECT * FROM users where username = '".$user['uname']."' AND password = '".$user['pswd]."'";
$loginquery = mysql_query($sql,$connection);
//row count conditional goes here
while ($row = mysql_fetch_assoc($loginquery)) {
if($row[Username]==$uname && $row[Userpassword]==$pword){
$user['userid'] = $row['Userid'];
$user['artist'] = $row['Artist'];
$user['moderator'] = $row['moderator'];
$_SESSION['user'] = $user;
}
}Just one of many ways to do this.
|
Similar Threads
- Mysql_num_rows($result) (PHP)
Other Threads in the PHP Forum
- Previous Thread: vBulletin mod_rewrite
- Next Thread: Sql???????
Views: 3128 | Replies: 11
| Thread Tools | Search this Thread |
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for PHP
.htaccess access ajax apache api array autosuggest beginner binary broken cakephp checkbox class cms code cron curl database date directory display download dynamic echo email emptydisplayvalue error explodefunction file files folder form forms function functions google href htaccess html image include insert integration ip java javascript joomla jquery keywords limit link login loop mail menu methods mlm mod_rewrite multiple mysql oop parse paypal pdf php problem query radio random recursion regex remote script search searchbox select server sessions sms soap source space speed sql structure syntax system table tutorial update updates upload url validation validator variable video web xml youtube
