0

Hey,
My login form somehow isnt working and i cant find out why:S
I tried shifting around the variables but it still wont work.The code is:

<?php

$id=$_POST["empid"];

$pass=$_POST["password"];

if(empty($id)|| empty($pass))
{
header("location:login.html");
}

else
{

     require_once("dbconn.php");

$sql = "SELECT empid,surname,firstname,jobid,jobtitle FROM employee,jobs WHERE empid='$id' AND password='$pass' AND jobs.jobid=employee.jobid";

     $rs = mysql_query($sql, $dbConn);

    
     if (mysql_num_rows($rs)> 0 ) 
       {
         session_start();
         $_SESSION["who"] = $id;
         $_SESSION["sname"] = mysql_result($rs,0,"surname");
         $_SESSION["firstname"] = mysql_result($rs,0,"firstname");
         $_SESSION["jid"] = mysql_result($rs,0,"jobid");
         $_SESSION["jtitle"] = mysql_result($rs,0,"jobtitle");
         header("location: choosereview.php");
         }
    else
      {
       header("location: employee.php");
      }
}

?>

Everytime i try logining in, when i leave it empty it works,but when i type the right user name and password,instead of taking me to the choosereview.php it takes me to employee.php.It does the same even when im wrong.I mean it works fine for wrong,but it wont work fine when its right.I also needed to know if this was the right way to access data from two tables?I have doubts that, that might be the problem.

4
Contributors
8
Replies
9
Views
7 Years
Discussion Span
Last Post by Roses89
0

1) at line 18 add following line

echo $sql;

copy the dynamic query from browser and run it in mysql client or phpmyadmin what ever you are using, now see the result.

2) change line no 22 as given

if ( mysql_result($rs,0,"empid") =$id )
0

Do you have any record in the 'job' table for that employee? because you are inner joining the job and employee table on job id field. So if there is no record for that employee it will take you to the employee.php form.
You can add the following test code to check the number of records:
(put that code on line 20, after mysql_query )

echo mysql_num_rows($rs)."<hr>";
exit;

Also always use mysql_real_escape_string() function to remove the special characters for your form variables to avoid SQL Injection. Otherwise your website can be hacked pretty easily.

0
if (mysql_num_rows($rs)> 0 )

The above condition not satisfying, that is you couln't get any rows from the query. check if the query gives the proper output. It doesn't give now. Just check your query by pasting the same into your sql editor and check over there. If not excepted result come, then modify the query and get the result. Paste the resultant query in php and it will work.

0

I got the query working.I esp made another php file to check that out.Its working:)@Raja

Yes i do have a job table for employees.I tried the sql query separately and its working fine.Its just when i try using it in the login.php file it stuffs up:( @VirtualBase

Il try that out and let u know in a mint if that works@urtrivedi

0

I tried doing what urtrivedi said but it gives me the following error:

Fatal error: Can't use function return value in write context in I:\....\login.php on line 23 i.e the if statement:S

0

Your existing code is fine. So undo the change you made.

Also please check you have the correct variable names empid & password. Do you get the values in these two variables?

0

Please use echo for printing the variables and check whether you get all the variables value you used all over the program?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.