That makes great sence, however when I tried using $_POST in my SQL statement it would not work.
This works fine: $query = "SELECT * FROM users WHERE email='".$username."'"; But this one doesnt at all: $query = "SELECT * FROM users WHERE email='",$_POST['username'],"'"; It does however work for all the echo commands and It is also correct when I echo the statement: echo "SELECT * FROM users WHERE email='",$_POST['username'],"'"; Am I missing something? Thanks again, Aaron "Justin Patrin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > You should generally $_POST for all posted variables, $_GET for all > "get" variables (in the query string / url), and the other > superglobals for other such things. If you don't care if it's POST, > GET, or a cookie, you can use $_REQUEST. > > register_globals is a setting in your php.ini. It's best practice to > set this to "off". What this means for you is that variables sent by > the user are not registered as global variables. i.e. $username will > no longer work, you have to use $_POST['username']. Search the php > lists for lots more discussion on this matter. > > For more on superglobals: > http://www.php.net/manual/en/language.variables.predefined.php > For the list archives, click the "Archive" links here: > http://www.php.net/mailing-lists.php > > On Mon, 19 Jul 2004 13:27:15 -0400, Aaron Todd <[EMAIL PROTECTED]> wrote: > > Jon, > > > > Thanks for the info. I did change the LIKE to =. This was done just for my > > debugging. I do have it set to = on a normal basis. > > > > I am a little unsure what you mean at the end of your reply about register > > globals. Are you saying that everywhere I use $username to refer to the > > users inputed username I should use $_POST['username'] instead? Or are you > > suggesting to use this in one location. > > > > Thanks again for the reply, > > > > Aaron > > > > "Jonathan Haddad" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > > > > > if you have shell access, please do the following > > > > > > describe users; > > > select * from users; > > > > > > also, why are you using LIKE instead of =? > > > use this instead: > > > > > > $query = "SELECT * FROM users WHERE email = '".$username."'"; > > > > > > i would also suggest turning off register globals and using > > > $_POST['username'] and not $username. (i'm assuming it's on given your > > code) > > > > > > Jon > > > > > > Aaron Todd wrote: > > > > > > >I am just starting out with PHP and I have created a simple login program > > > >that is supposed to check users input with a mysql database. I am doing > > 5 > > > >verifications before the program is completed...Check for the Submit > > button, > > > >check for a valid email address(which is the username), check for a valid > > > >password, check to see if the username exists in the database, and > > finally > > > >check to see if the password matches the database for the coresponding > > > >username. Currently you dont get access to a site you only get told what > > > >your password is in the database. > > > > > > > >Everything is technically working, but its not perfect and I think I need > > > >some help. I have entered 2 records in the database for testing > > purposes. > > > >When I put in username1 and password1 it works. The program returns the > > > >coresponding password. When I change to username2 and still put in > > > >password1 it will return password1. > > > > > > > >I have done some debuging and I am unsure of what is really happening. > > My > > > >code is below. Would anyone be able to tell me what I am doing wrong. > > > > > > > >Thanks, > > > > > > > >Aaron > > > > > > > ><html> > > > ><body> > > > ><?php > > > >if ($submit) { > > > > //VALID USERNAME/EMAIL ADDRESS > > > > if > > > > > >(!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+\\/0-9=?A-Z^_` > > a > > > >-z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) { > > > > $error = "You must enter a valid email address for your > > username.<br>"; > > > > echo "$error<br>"; > > > > } else { > > > > $db = mysql_connect("localhost", "username", "password"); > > > > mysql_select_db("database",$db); > > > > $query = "SELECT * FROM users WHERE email LIKE '".$username."'"; > > > > echo "$query<br>"; > > > > $result = mysql_query($query,$db); > > > > $num_rows = mysql_num_rows($result); > > > > echo "There are $num_rows records matching $username<br>"; > > > > //VALID PASSWORD > > > > echo "Entered User Name: $username<br>"; > > > > echo "Entered Password: $passw<br>"; > > > > if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) || > > > >!preg_match('/[0-9]/', $passw)) { > > > > $error = "Invalid Password. Must be greater than six characters > > > >containing at least one number.<br>"; > > > > echo "$error<br>"; > > > > } else { > > > > //USERNAME/EMAIL ADDRESS IN DATABASE > > > > if (!$num_rows){ > > > > $error = "Username was not found. Please Register."; > > > > echo "$error<br>"; > > > > die(mysql_error()); > > > > } else { > > > > //ENTERED PASSWORD IN DATABASE > > > > if (!$passw = mysql_result($result,0,"pass")){ > > > > $error = "Invalid Password.<br>"; > > > > echo "$error<br>"; > > > > } else { > > > > printf("Password is %s<br>\n", mysql_result($result,0,"pass")); > > > > } > > > > } > > > > } > > > > } > > > >} else { > > > > > > > > ?> > > > > > > > ><form method="post" action="<?php echo $PHP_SELF?>"> > > > > > > > > User Name:<input type="Text" name="username"><br> > > > > > > > > Password:<input type="Text" name="passw"><br> > > > > > > > > <input type="Submit" name="submit" value="Enter information"> > > > > > > > > </form> > > > > > > > ><?php > > > > > > > >} // end if > > > > > > > > > > > >?> > > > > > > > ></body> > > > > > > > ></html> > > > > > > > > > > > > > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > !DSPAM:40fc074a164631045595694! > > > > > > > -- > DB_DataObject_FormBuilder - The database at your fingertips > http://pear.php.net/package/DB_DataObject_FormBuilder > > paperCrane --Justin Patrin-- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
