Member Avatar for whiteyoh

Hi all,

The following script works fine by allowing me to set a session variable with the users password, but i can seem to extract other information that isnt included in the $_POST.

I know usually i would use something like

while ($row = mysql_fetch_array($sql))
{
$user_type = $row['user_type'];
}

but when i do i just get a blank screen when submitting.

This is the code that works (without the bit above).

// username and password sent from form
$user_email=$_POST['user_email'];
$user_password=$_POST['user_password'];

// To protect MySQL injection (more detail about MySQL injection)
$user_email = stripslashes($user_email);
$user_password = stripslashes($user_password);
$user_email = mysql_real_escape_string($user_email);
$user_password = mysql_real_escape_string($user_password);

echo $sql="SELECT * FROM $tbl_name WHERE user_email='$user_email' and user_password='$user_password'";
$result=mysql_query($sql);
///////////////////I PUT THE WHILE IN HERE////////////////////
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['user_email'] = $user_email;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

Am i putting it in the wrong place?

  • 2 Contributors
  • 1 Reply
  • 63 Views
  • 10 Hours Discussion Span
  • Latest Post Latest Post by Will Gresham
Member Avatar for Will Gresham

You should be using $result in the mysql_fetch_array() function, not $sql as this expects to receive the result of an SQL query.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.