Hi everyone,

was trying to make login. wanted to make the query to get details off sql safer and used sprintf but it does not work.

the code is as follow:

<?php
session_start();
include('db.php');

if(isset($_POST['submit'])) :
	// Username and password sent from signup form
	//stripping
	$username = strip_tags($_POST['username']);
	$password = sha1(strip_tags($_POST['password']));

	// Making query safer
	$query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
	
	$result = mysql_query($query);
	if(1 != mysql_num_rows($result)) :
		// MySQL returned zero rows (or there's something wrong with the query)
echo "Login failed";
	else :
		// We found the row that we were looking for
		$row = mysql_fetch_assoc($result);
		
		// Register the user ID for further use
		$_SESSION['member_ID'] = $row['ID'];
		header('Location: members-only.php');
	endif;
endif;
?>

I entered the login details i stored in mysql but get 'Login failed' no matter wat i enter in the login form.

Any help would be appreciated.

Thank you

Recommended Answers

All 3 Replies

Try removing the ; after the LIMIT 1...

R

Yeah tried it. Still getting the same error :(

Have you turned on php error reporting, and if so, what errors does that give you?

Also, do you select the database that uses the table, members?

You might also want to reformat your SQL query to read:
"SELECT ID FROM `databaseName`.`members` WHERE `username` = '%s' AND `user_password` = '%s' LIMIT 1"

Obvious thought, are the fields you're trying to select from spelt correctly and in the correct case?

R

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.