Re: [PHP-DB] Beginners Problem

2008-01-08 Thread Evert Lammerts 

Hi Ben,

Number of things wrong with your code, look below.


$select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` =
'$user' AND `password` = '$pass'", mysql_real_escape_string($user),
mysql_real_escape_string($pass));
  
In the string you are printing using sprintf you need to use a 
conversion specification (see http://uk2.php.net/sprintf), in your case 
%s. It will look like this:


sprintf("SELECT `username` FROM `users` WHERE `username`='%s' AND `password` = 
'%s'", mysql_real_escape_string($user),
mysql_real_escape_string($pass))


if($select_sql_two)
As Peter points out, mysql_query (http://uk2.php.net/mysql_query) will 
always return a resource if and only if the query syntax was correct, 
even if the actual result set is empty. Knowing that anything that is 
not <= 0, null or false will return true, the above condition will 
always be true (which is why the login works). So instead, use one of 
the mysql_fetch functions, e.g.


if ($row = mysql_fetch_array($select_sql_two))

Couple of other tips. Put your php functionality for login in a 
function, with username and password as parameters (function 
login($user, $pass)). This way you can reuse it, and it makes your code 
a lot easier to handle. Also, instead of printing an HTML redirect I'd 
recommend doing the redirect in the HTTP header (http://uk.php.net/header).


if (!empty($_POST['username']) && !empty($_POST['password'])) 
login($_POST['username'], $_POST['password']);

else header(|'location: members.php'|);

Do remember that in order to use the header function you cannot output 
anything else before the function is called, like it says in the manual.


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Beginners Problem

2008-01-08 Thread ioannes 

I use:

if(ISSET($select_sql_two)&&$select_sql_two<>""&&!is_null($select_sql_two)) {

or

if($select_sql_two=="submit") {

if "submit" is the button value.  I am not sure which is best.

John

Ben Stones wrote:

Hello,

I am having another problem with PHP, and I have tried rectifying the
problem with each try failing. The problem I have is, whenever I refresh the
page or visit the URL to where the login form is (which is index.php), it
automatically refreshes to the members page, even if I did not click the
'Submit' button (with or without the correct login details, for that matter,
even if I did click the 'Submit' button). I hope someone will be able to
help me in some way or another to rectify the issue; I have tried seeing all
possibilities of the problem. Once more, I am relatively knew to PHP, so I
appreciate help towards the right direction.

Cheers,
Ben Stones.

(PS: The PHP code is below)

$con = mysql_connect("localhost", "ben_test", "removed") or
die(mysql_error());
$db = mysql_select_db("ben_test") or die(mysql_error());
$user = $_POST['username'];
$pass = $_POST['password'];
$select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` =
'$user' AND `password` = '$pass'", mysql_real_escape_string($user),
mysql_real_escape_string($pass));
$select_sql_two = mysql_query($select_sql);

if($select_sql_two) {
echo 'Redirecting you to members page...';
echo '[meta http-equiv="refresh" content="5;url=members.php" /]';
}
else {
echo 'Error';
}

I've changed the HTML code, by the way, so it doesn't render the HTML code
in some mail boxes.

  


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Beginners Problem

2008-01-08 Thread Juan Mas 
The way I normally run any sort of form page is something like this.  (im
fairly new as well)

Since youre setting $select_sql_two without any conditions, it is setting
the refresh on the page and therefore redirecting you to members.php

You should then place some sort of authentication on the members.php so that
people cant just go there directly.

if(isset($_POST['submit'])) {

 run sql query

} else {

... display login form

}

On Jan 8, 2008 9:51 AM, Ben Stones <[EMAIL PROTECTED]> wrote:

> Hello,
>
> I am having another problem with PHP, and I have tried rectifying the
> problem with each try failing. The problem I have is, whenever I refresh
> the
> page or visit the URL to where the login form is (which is index.php), it
> automatically refreshes to the members page, even if I did not click the
> 'Submit' button (with or without the correct login details, for that
> matter,
> even if I did click the 'Submit' button). I hope someone will be able to
> help me in some way or another to rectify the issue; I have tried seeing
> all
> possibilities of the problem. Once more, I am relatively knew to PHP, so I
> appreciate help towards the right direction.
>
> Cheers,
> Ben Stones.
>
> (PS: The PHP code is below)
>
> $con = mysql_connect("localhost", "ben_test", "removed") or
> die(mysql_error());
> $db = mysql_select_db("ben_test") or die(mysql_error());
> $user = $_POST['username'];
> $pass = $_POST['password'];
> $select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` =
> '$user' AND `password` = '$pass'", mysql_real_escape_string($user),
> mysql_real_escape_string($pass));
> $select_sql_two = mysql_query($select_sql);
>
> if($select_sql_two) {
> echo 'Redirecting you to members page...';
> echo '[meta http-equiv="refresh" content="5;url=members.php" /]';
> }
> else {
> echo 'Error';
> }
>
> I've changed the HTML code, by the way, so it doesn't render the HTML code
> in some mail boxes.
>



-- 
-Juan

[PHP-DB] Beginners Problem

2008-01-08 Thread Ben Stones 
Hello,

I am having another problem with PHP, and I have tried rectifying the
problem with each try failing. The problem I have is, whenever I refresh the
page or visit the URL to where the login form is (which is index.php), it
automatically refreshes to the members page, even if I did not click the
'Submit' button (with or without the correct login details, for that matter,
even if I did click the 'Submit' button). I hope someone will be able to
help me in some way or another to rectify the issue; I have tried seeing all
possibilities of the problem. Once more, I am relatively knew to PHP, so I
appreciate help towards the right direction.

Cheers,
Ben Stones.

(PS: The PHP code is below)

$con = mysql_connect("localhost", "ben_test", "removed") or
die(mysql_error());
$db = mysql_select_db("ben_test") or die(mysql_error());
$user = $_POST['username'];
$pass = $_POST['password'];
$select_sql = sprintf("SELECT `username` FROM `users` WHERE `username` =
'$user' AND `password` = '$pass'", mysql_real_escape_string($user),
mysql_real_escape_string($pass));
$select_sql_two = mysql_query($select_sql);

if($select_sql_two) {
echo 'Redirecting you to members page...';
echo '[meta http-equiv="refresh" content="5;url=members.php" /]';
}
else {
echo 'Error';
}

I've changed the HTML code, by the way, so it doesn't render the HTML code
in some mail boxes.