Re: [PHP-DB] Beginners Problem
Hi Ben, Number of things wrong with your code, look below. $select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` = '$user' AND `password` = '$pass'", mysql_real_escape_string($user), mysql_real_escape_string($pass)); In the string you are printing using sprintf you need to use a conversion specification (see http://uk2.php.net/sprintf), in your case %s. It will look like this: sprintf("SELECT `username` FROM `users` WHERE `username`='%s' AND `password` = '%s'", mysql_real_escape_string($user), mysql_real_escape_string($pass)) if($select_sql_two) As Peter points out, mysql_query (http://uk2.php.net/mysql_query) will always return a resource if and only if the query syntax was correct, even if the actual result set is empty. Knowing that anything that is not <= 0, null or false will return true, the above condition will always be true (which is why the login works). So instead, use one of the mysql_fetch functions, e.g. if ($row = mysql_fetch_array($select_sql_two)) Couple of other tips. Put your php functionality for login in a function, with username and password as parameters (function login($user, $pass)). This way you can reuse it, and it makes your code a lot easier to handle. Also, instead of printing an HTML redirect I'd recommend doing the redirect in the HTTP header (http://uk.php.net/header). if (!empty($_POST['username']) && !empty($_POST['password'])) login($_POST['username'], $_POST['password']); else header(|'location: members.php'|); Do remember that in order to use the header function you cannot output anything else before the function is called, like it says in the manual. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Beginners Problem
I use: if(ISSET($select_sql_two)&&$select_sql_two<>""&&!is_null($select_sql_two)) { or if($select_sql_two=="submit") { if "submit" is the button value. I am not sure which is best. John Ben Stones wrote: Hello, I am having another problem with PHP, and I have tried rectifying the problem with each try failing. The problem I have is, whenever I refresh the page or visit the URL to where the login form is (which is index.php), it automatically refreshes to the members page, even if I did not click the 'Submit' button (with or without the correct login details, for that matter, even if I did click the 'Submit' button). I hope someone will be able to help me in some way or another to rectify the issue; I have tried seeing all possibilities of the problem. Once more, I am relatively knew to PHP, so I appreciate help towards the right direction. Cheers, Ben Stones. (PS: The PHP code is below) $con = mysql_connect("localhost", "ben_test", "removed") or die(mysql_error()); $db = mysql_select_db("ben_test") or die(mysql_error()); $user = $_POST['username']; $pass = $_POST['password']; $select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` = '$user' AND `password` = '$pass'", mysql_real_escape_string($user), mysql_real_escape_string($pass)); $select_sql_two = mysql_query($select_sql); if($select_sql_two) { echo 'Redirecting you to members page...'; echo '[meta http-equiv="refresh" content="5;url=members.php" /]'; } else { echo 'Error'; } I've changed the HTML code, by the way, so it doesn't render the HTML code in some mail boxes. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Beginners Problem
The way I normally run any sort of form page is something like this. (im fairly new as well) Since youre setting $select_sql_two without any conditions, it is setting the refresh on the page and therefore redirecting you to members.php You should then place some sort of authentication on the members.php so that people cant just go there directly. if(isset($_POST['submit'])) { run sql query } else { ... display login form } On Jan 8, 2008 9:51 AM, Ben Stones <[EMAIL PROTECTED]> wrote: > Hello, > > I am having another problem with PHP, and I have tried rectifying the > problem with each try failing. The problem I have is, whenever I refresh > the > page or visit the URL to where the login form is (which is index.php), it > automatically refreshes to the members page, even if I did not click the > 'Submit' button (with or without the correct login details, for that > matter, > even if I did click the 'Submit' button). I hope someone will be able to > help me in some way or another to rectify the issue; I have tried seeing > all > possibilities of the problem. Once more, I am relatively knew to PHP, so I > appreciate help towards the right direction. > > Cheers, > Ben Stones. > > (PS: The PHP code is below) > > $con = mysql_connect("localhost", "ben_test", "removed") or > die(mysql_error()); > $db = mysql_select_db("ben_test") or die(mysql_error()); > $user = $_POST['username']; > $pass = $_POST['password']; > $select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` = > '$user' AND `password` = '$pass'", mysql_real_escape_string($user), > mysql_real_escape_string($pass)); > $select_sql_two = mysql_query($select_sql); > > if($select_sql_two) { > echo 'Redirecting you to members page...'; > echo '[meta http-equiv="refresh" content="5;url=members.php" /]'; > } > else { > echo 'Error'; > } > > I've changed the HTML code, by the way, so it doesn't render the HTML code > in some mail boxes. > -- -Juan
[PHP-DB] Beginners Problem
Hello, I am having another problem with PHP, and I have tried rectifying the problem with each try failing. The problem I have is, whenever I refresh the page or visit the URL to where the login form is (which is index.php), it automatically refreshes to the members page, even if I did not click the 'Submit' button (with or without the correct login details, for that matter, even if I did click the 'Submit' button). I hope someone will be able to help me in some way or another to rectify the issue; I have tried seeing all possibilities of the problem. Once more, I am relatively knew to PHP, so I appreciate help towards the right direction. Cheers, Ben Stones. (PS: The PHP code is below) $con = mysql_connect("localhost", "ben_test", "removed") or die(mysql_error()); $db = mysql_select_db("ben_test") or die(mysql_error()); $user = $_POST['username']; $pass = $_POST['password']; $select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` = '$user' AND `password` = '$pass'", mysql_real_escape_string($user), mysql_real_escape_string($pass)); $select_sql_two = mysql_query($select_sql); if($select_sql_two) { echo 'Redirecting you to members page...'; echo '[meta http-equiv="refresh" content="5;url=members.php" /]'; } else { echo 'Error'; } I've changed the HTML code, by the way, so it doesn't render the HTML code in some mail boxes.