i just downloaded a login script and the code below is the php backend for the login. It is originally using md5 encryption and decryption for the password. For some reason I want to manage the password without encryption for now. my database has a member with login name and password. please see the line indicated with " ***" it keep complaining "databaseQuery failed"
I really have no more idea what could be wrong with that line of code, please help me. Thanks.

	//Start session
	//Include database connection details
	//Array to store validation errors
	$errmsg_arr = array();
	//Validation error flag
	$errflag = false;
	//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	else{echo" connection is good";}
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	else{echo "connected to database";}
	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		//get_magic_quotes_gpc returns 0 if off, 1 otherwise
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		return mysql_real_escape_string($str);
	//Sanitize the POST values
	$login = clean($_POST['login']);
	$password = clean($_POST['password']);
	//Input Validations
	if($login == '') {
		$errmsg_arr[] = 'Login ID missing';
		$errflag = true;
	if($password == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	//If there are input validations, redirect back to the login form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		header("location: login-failed.php");
	*************** error below *****************
	//Create query
	$qry="SELECT * FROM members WHERE login='$login' AND passwd='$password' ";
         /*** this is the original but i don't need md5 so i modified it to be the above one*** / 
	//$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
        ************ end error ************************
	//Check whether the query was successful or not
	if($result) {
		if(mysql_num_rows($result) == 1) {
			//Login Successful
			$member = mysql_fetch_assoc($result);
			$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
			$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
			$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
			header("location: member-index.php");
		}else {
			//Login failed
			header("location: login-failed.php");
	}else {
		die("Query failed");
7 Years
Discussion Span
Last Post by k2k

is the code working already with the original query?

people commented that the codes are working. however in my case, it is not working. i tested it that it is connected to the database successfully. and that line of select statement looks right to me.

actually i think everything else is working (when i left both login and password blank it would send me to the login-fail.php page as supposed to) it looks like it is just that line of query got some issue.



How about the tables or the fields?Are they correct?The code seems fine.

huh, thanks for your help. that was a good guess. i got 2 database and i connected to the wrong one. = P

thanks a ton


No problem bro, mark this thread as solved now. Don't forget the rep! ;)

of course, thanks again.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.