Do you mean this is the right code :
<?php
$link = mysql_connect("localhost", "Database username", "Database password")
or die("Could
not connect: " . mysql_error());
mysql_select_db("Database name", $link);
$UserName = $_GET['UserName'];
$Password = $_GET['Password'];
$Serial = $_GET['Serial'];
$query = "SELECT Serial, Password from accounts where UserName='$UserName'";
$result = mysql_query($query) or die("Query errort: " . mysql_error());
$row = mysql_fetch_row($result) or die("User Not found: " . mysql_error());
$Serial = htmlspecialchars($row[0]);
$UserPassword = $row[1];
$UserSerial = $row[1];
mysql_close($link);
if($UserSerial == $Serial){
print<<<END
<HTML>
<BODY>
Right serial!
</BODY></HTML>
END;
}else{
print<<<END
<HTML>
<BODY>
Sorry, wrong serial!
</BODY></HTML>
END;
}
if($UserPassword == $Password){
print<<<END
<HTML>
<BODY>
Logged in successfully
</BODY></HTML>
END;
}else{
print<<<END
<HTML>
<BODY>
Sorry, wrong password!
</BODY></HTML>
END;
}
?>
----- Original Message -----
From: "Jeremy Davis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 19, 2004 9:40 PM
Subject: RE: [PHP] Is this code right?
> <snip>
> >$query = "SELECT Serial, Password from accounts where
> UserName='$UserName'";
> >$result = mysql_query($query) or die("Query errort: " . mysql_error());
> >$row = mysql_fetch_row($result) or die("User Not found: " .
mysql_error());
>
> mysql_fetch_row only pulls data one cell at a time so you would need to
call
> $row[0] twice to get the two cells before calling the next row.
>
>
> >$Serial = htmlspecialchars($row[0]);
> >
> >
> mysql_select_db is for selecting the database and NOT the table, the
> SELECT statement must be something like this: "select SOMETHING from
> TABLE where WHERE_CLAUSE"
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
