0

Hi all,

The following script works fine by allowing me to set a session variable with the users password, but i can seem to extract other information that isnt included in the $_POST.

I know usually i would use something like

while ($row = mysql_fetch_array($sql))
{
$user_type = $row['user_type'];
}

but when i do i just get a blank screen when submitting.

This is the code that works (without the bit above).

// username and password sent from form
$user_email=$_POST['user_email'];
$user_password=$_POST['user_password'];

// To protect MySQL injection (more detail about MySQL injection)
$user_email = stripslashes($user_email);
$user_password = stripslashes($user_password);
$user_email = mysql_real_escape_string($user_email);
$user_password = mysql_real_escape_string($user_password);

echo $sql="SELECT * FROM $tbl_name WHERE user_email='$user_email' and user_password='$user_password'";
$result=mysql_query($sql);
///////////////////I PUT THE WHILE IN HERE////////////////////
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['user_email'] = $user_email;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

Am i putting it in the wrong place?

2
Contributors
1
Reply
2
Views
7 Years
Discussion Span
Last Post by Will Gresham
0

You should be using $result in the mysql_fetch_array() function, not $sql as this expects to receive the result of an SQL query.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.