Correct me if I am wrong....

But shouldn't the if statement be 

if (!$_POST['passw'] == mysql_result($result,0,"pass")){

not

if (!$_POST['passw'] = mysql_result($result,0,"pass")){

Two equal signs not one...

Regards,
Neal

-----Original Message-----
From: Hutchins, Richard [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 19, 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Begining PHP...Have Questions

Trade in those commas around your $_POST['username'] for some periods.

Rich


> -----Original Message-----
> From: Aaron Todd [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 19, 2004 2:08 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] Begining PHP...Have Questions
> 
> 
> That makes great sence, however when I tried using $_POST in my SQL
> statement it would not work.
> 
> This works fine:
> $query = "SELECT * FROM users WHERE email='".$username."'";
> But this one doesnt at all:
> $query = "SELECT * FROM users WHERE email='",$_POST['username'],"'";
> 
> It does however work for  all the echo commands and It is 
> also correct when
> I echo the statement:
> echo "SELECT * FROM users WHERE email='",$_POST['username'],"'";
> 
> Am I missing something?
> 
> Thanks again,
> 
> Aaron
> 
> 
> 
> 
> "Justin Patrin" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > You should generally $_POST for all posted variables, $_GET for all
> > "get" variables (in the query string / url), and the other
> > superglobals for other such things. If you don't care if it's POST,
> > GET, or a cookie, you can use $_REQUEST.
> >
> > register_globals is a setting in your php.ini. It's best practice to
> > set this to "off". What this means for you is that variables sent by
> > the user are not registered as global variables. i.e. $username will
> > no longer work, you have to use $_POST['username']. Search the php
> > lists for lots more discussion on this matter.
> >
> > For more on superglobals:
> > http://www.php.net/manual/en/language.variables.predefined.php
> > For the list archives, click the "Archive" links here:
> > http://www.php.net/mailing-lists.php
> >
> > On Mon, 19 Jul 2004 13:27:15 -0400, Aaron Todd 
> <[EMAIL PROTECTED]>
> wrote:
> > > Jon,
> > >
> > > Thanks for the info.  I did change the LIKE to =.  This 
> was done just
> for my
> > > debugging.  I do have it set to = on a normal basis.
> > >
> > > I am a little unsure what you mean at the end of your reply about
> register
> > > globals.  Are you saying that everywhere I use $username 
> to refer to the
> > > users inputed username I should use $_POST['username'] 
> instead?  Or are
> you
> > > suggesting to use this in one location.
> > >
> > > Thanks again for the reply,
> > >
> > > Aaron
> > >
> > > "Jonathan Haddad" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]
> > >
> > >
> > > > if you have shell access, please do the following
> > > >
> > > > describe users;
> > > > select * from users;
> > > >
> > > > also, why are you using LIKE instead of =?
> > > > use this instead:
> > > >
> > > > $query = "SELECT * FROM users WHERE email = '".$username."'";
> > > >
> > > > i would also suggest turning off register globals and using
> > > > $_POST['username'] and not $username. (i'm assuming 
> it's on given your
> > > code)
> > > >
> > > > Jon
> > > >
> > > > Aaron Todd wrote:
> > > >
> > > > >I am just starting out with PHP and I have created a 
> simple login
> program
> > > > >that is supposed to check users input with a mysql 
> database.  I am
> doing
> > > 5
> > > > >verifications before the program is completed...Check 
> for the Submit
> > > button,
> > > > >check for a valid email address(which is the 
> username), check for a
> valid
> > > > >password, check to see if the username exists in the 
> database, and
> > > finally
> > > > >check to see if the password matches the database for the
> coresponding
> > > > >username.  Currently you dont get access to a site you 
> only get told
> what
> > > > >your password is in the database.
> > > > >
> > > > >Everything is technically working, but its not perfect 
> and I think I
> need
> > > > >some help.  I have entered 2 records in the database 
> for testing
> > > purposes.
> > > > >When I put in username1 and password1 it works.  The 
> program returns
> the
> > > > >coresponding password.  When I change to username2 and 
> still put in
> > > > >password1 it will return password1.
> > > > >
> > > > >I have done some debuging and I am unsure of what is really
> happening.
> > > My
> > > > >code is below.  Would anyone be able to tell me what I am doing
> wrong.
> > > > >
> > > > >Thanks,
> > > > >
> > > > >Aaron
> > > > >
> > > > ><html>
> > > > ><body>
> > > > ><?php
> > > > >if ($submit) {
> > > > >  //VALID USERNAME/EMAIL ADDRESS
> > > > >  if
> > > >
> > >
> >(!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+
> \\/0-9=?A-Z^_`
> > > a
> > > > >-z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', 
> $username)) {
> > > > >    $error = "You must enter a valid email address for your
> > > username.<br>";
> > > > >    echo "$error<br>";
> > > > >  } else {
> > > > >    $db = mysql_connect("localhost", "username", "password");
> > > > >    mysql_select_db("database",$db);
> > > > >    $query = "SELECT * FROM users WHERE email LIKE 
> '".$username."'";
> > > > >    echo "$query<br>";
> > > > >    $result = mysql_query($query,$db);
> > > > >    $num_rows = mysql_num_rows($result);
> > > > >    echo "There are $num_rows records matching $username<br>";
> > > > >    //VALID PASSWORD
> > > > >    echo "Entered User Name:  $username<br>";
> > > > >    echo "Entered Password:  $passw<br>";
> > > > >    if (strlen($passw) < 6 || !preg_match('/[a-z]/i', 
> $passw) ||
> > > > >!preg_match('/[0-9]/', $passw)) {
> > > > >      $error = "Invalid Password.  Must be greater than six
> characters
> > > > >containing at least one number.<br>";
> > > > >      echo "$error<br>";
> > > > >    } else {
> > > > >      //USERNAME/EMAIL ADDRESS IN DATABASE
> > > > >      if (!$num_rows){
> > > > >        $error = "Username was not found.  Please Register.";
> > > > >        echo "$error<br>";
> > > > >        die(mysql_error());
> > > > >      } else {
> > > > >        //ENTERED PASSWORD IN DATABASE
> > > > >        if (!$passw = mysql_result($result,0,"pass")){
> > > > >          $error = "Invalid Password.<br>";
> > > > >          echo "$error<br>";
> > > > >        } else {
> > > > >          printf("Password is %s<br>\n",
> mysql_result($result,0,"pass"));
> > > > >        }
> > > > >      }
> > > > >    }
> > > > >  }
> > > > >} else {
> > > > >
> > > > >  ?>
> > > > >
> > > > ><form method="post" action="<?php echo $PHP_SELF?>">
> > > > >
> > > > >  User Name:<input type="Text" name="username"><br>
> > > > >
> > > > >  Password:<input type="Text" name="passw"><br>
> > > > >
> > > > >  <input type="Submit" name="submit" value="Enter information">
> > > > >
> > > > >  </form>
> > > > >
> > > > ><?php
> > > > >
> > > > >} // end if
> > > > >
> > > > >
> > > > >?>
> > > > >
> > > > ></body>
> > > > >
> > > > ></html>
> > > > >
> > > > >
> > > > >
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> > > !DSPAM:40fc074a164631045595694!
> > >
> > >
> >
> >
> > -- 
> > DB_DataObject_FormBuilder - The database at your fingertips
> > http://pear.php.net/package/DB_DataObject_FormBuilder
> >
> > paperCrane --Justin Patrin--
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to