Im new to programming and I'm trying to create a login form using php/mysql and I have faced some problems. I cannot understand why my sql code cannot being executed, Im using localhost. Could you guys help me?
Thanks
Here is the code that i wrote
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "login";
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username'".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res) == 1){
echo "You have successfully logged in.";
exit();
}else{
echo "Invalid password information.";
exit();
}
}
?>
I think you forgot =
$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
Simple Typo:
Change:
$sql = "SELECT * FROM users WHERE username'".$username."' AND password='".$password."' LIMIT 1";
To:
$sql = "SELECT * FROM users WHERE username = '".$username."' AND password='".$password."' LIMIT 1";
Another thing, you don't need to fetch all fields from database table if you don't need them.
This slows down speed of page load.
You can fetch only id field.
You are fetching number of rows, so, your query should be:
SELECT id FROM users WHERE username ...
Related
I am new to php.
I am doing login for user, then I would like to compare the username and password of the person when he/she login to every rows in my database table.
For this case, assume user= michael, pssword =1234
I got this:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "select * from mobileuser" ;
$query = mysqli_query ($conn, $mobile_user);
while($results = mysqli_fetch_array ($query)){
$user_name = $results['mobile_user_name'];
$pass = $results['mobile_user_pass'];
}
However, this only compare to the last row of data in my database table.
For example, if username=michael n password=1234 is located in the last row of my database table, then login success, if it does not located at the last row, login failed.
Anyone can help?
You should modify your code as:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "SELECT * FROM mobileuser WHERE mobile_user_name='$username' AND mobile_user_pass='$password' LIMIT 0,1";
$query = mysqli_query ($conn, $mobile_user);
$result = mysqli_fetch_array ($query);
$user_name = $result['mobile_user_name'];
$pass = $result['mobile_user_pass'];
This should work like a charm. However a better version of this would be:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "SELECT count(*) as count FROM mobileuser WHERE mobile_user_name='$username' AND mobile_user_pass='$password'";
$query = mysqli_query ($conn, $mobile_user);
$result = mysqli_fetch_array ($query);
if($result['count'] > 0){
echo "Match Found.";
}
If you want to check if a user's credential are valid, you should count the number of rows where they match ; if this is less than one, the credentials provided are invalid. SQL query :
SELECT COUNT(*) AS number, mobile_user_name, mobile_user_pass FROM mobileuser WHERE mobile_user_name = 'someusername' AND mobile_user_pass = 'somepass'
Note that you should prevent your code from SQL injections, and you may want to store hashed passwords in your database to avoid stocking them in cleartext.
give this a go:
require_once ('con.php');
$q = "SELECT `password` FROM `tbl_where_user_is` WHERE `tbl_row_username` = '$username'";
$r = mysqli_query($db_connnect, $q);
$row = mysqli_fetch_array($r);
$r = mysqli_query ($db_connnect, $q);
if(mysqli_num_rows($r)==1)
{
echo $username;
}else{
echo "user not found";
}
I have a problem with my script: i believe mysql_num_rows won't find anything from my database even though i know there is something in there (two records actually).... Anyone help?
<?php
$con = mysql_connect("localhost","root","root") or die(mysql_error());
$db = mysql_select_db("usersData", $con) or die(mysql_error());
$username = mysql_real_escape_string($username, $con) or die(mysql_error());
$query = "SELECT * FROM `usersInfo` WHERE `Username`='$username'";
$result = mysql_query($con, $query) or die(mysql_error());
$num_rows = mysql_num_rows($result) or die(mysql_error());
if($num_rows == 0)
{
//header('Location: login.php');
echo "meow";
}
?>
i hope this is a better piece of code now. However, when i run it it now gives me a white page?
Check these two lines:
$username = mysql_real_escape_string($username);
$query = "SELECT * FROM `usersInfo` WHERE `Username`='$Username'";
variable $username is different than $Username
Variables in php are case sensitive so it is like you are using two different variables here.
Fix your query so it uses the same lower case $username variable you are setting above:
$query = "SELECT * FROM `usersInfo` WHERE `Username`='$username'";
I want to count the rows in the users table with specific name and pwd which should be 1 if existed.
but the result always return null(not 0),no matter whether the user existed or not.
I even change the query simple to "SELECT * FROM users", and it ended with the same result.
And I am pretty sure that the name of the DATABASE and TABLE are true,and the table is not empty!
By the way,why I have to use "#" symbol before "mysqli_query" in order to get rid of error?
thx!
enter code here
<?php
#$mysql_db_hostname = "localhost";
$mysql_db_hostname = "127.0.0.1";
$mysql_db_user = "root";
$mysql_db_password = "";
$mysql_db_database = "smartFSUsers";
$con = mysqli_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password,$mysql_db_database);
if (!$con) {
trigger_error('Could not connect to MySQL: ' . mysqli_connect_error());
}
$name = $_GET["name"];
$password = $_GET["password"];
$query = "SELECT * FROM users WHERE name='$name' AND password='$password'";
$result =#mysqli_query($query,$con);
echo($result);
$row=#mysqli_num_rows($result);
echo"the row num is $row \n";
?>
RTM: http://php.net/mysqli_query
$result =#mysqli_query($query,$con);
You've got your parameters reversed. $con MUST come first:
$result = mysqli_query($con, $query) or die(mysqli_error());
If you had bothered adding error correction to your code, you'd have been told about this. But nope, you opted for # to hide all those error messages.
I'm trying to create a duplicate check with PHP and MySQL and have now tried many different varieties. Nevertheless, my code does not show if the user name already exist. As far as I know this should be the right (of many) formula for a functional duplicate check?
$username = "heihei";
$checkquery = mysqli_query($con,"SELECT * FROM users
WHERE username='$username'") or die(mysqli_error());
if (mysqli_num_rows($checkquery)) {
echo ">0" ;
}else {
echo "0" ;
}
User table looks like this:
ID USERNAME
1 heihei
2 neinei
When defining $username as heihei, result is 0.
Result is the same if I define $username as something.
It will show that the user don't exists already.
What is the problem here?
Do this:
Replace
if (mysqli_num_rows($checkquery)) {
with:
if (mysqli_num_rows($checkquery) > 0) {
and replace echo ">0" ; with echo "Exists"; - that's what I use with success.
Try this also:
$results = "SELECT username FROM users WHERE username = '$username'";
$checkquery = mysqli_query($con,$results) or die(mysqli_error());
if (mysqli_num_rows($checkquery) > 0) {
The way I do it in my script, is this:
$mysqli = new mysqli("xxx","xxx", "xxx", "xxx");
$username = mysqli_real_escape_string($mysqli,$_POST['username']);
$username = $_POST['username'];
$sql = "SELECT username FROM users WHERE username = '$username'";
$results = mysqli_query($mysqli,$sql) or die(mysqli_error());
if (mysqli_num_rows($results) > 0)
{
die("Sorry, that username is already taken.");
}
Also you can use another query:
SELECT COUNT(*) FROM users WHERE `username` = '$username'
And see the results
if(mysqli_num_rows(mysqli_query($checkquery))== 0){
echo "no duplicates";
}
I am trying to create a logging in system for my website. this is what i have.
include('MYSQL_connect_userdata.php');
$query = "SELECT * FROM userinfo WHERE username = '$username' AND password = '$password' ";
$result = mysql_query($query) or die("cant find table");
$count2 = mysql_num_rows($result);
$resultarray = mysql_fetch_array($result);
echo "SELECT * FROM userinfo WHERE username = '$username' AND password = '$password' ";
MYSQL_connect_userdata.php connects to the mysql server and selects the database.
When I paste the output of the
echo "SELECT * FROM userinfo WHERE username = '$username' AND password = '$password' ";
phpmyadmin returns the row that i am looking for. (contains a username and password")
for some reason mysql_num_rows($result) is returning 0 even when the inputs are the correct values. the inputs are taken using $_POST like this at the top of the php file
$username = $_POST['username'];
$password = $_POST['password'];
If I change the query to exclude the "AND password = '$password' "; part then the page works as intended and mysql_num_rows returns 1.
any ideas whats going on? im rlly new to php so extra explaination would be appreciated. Thanks.
$con = mysql_connect("localhost", "peter", "abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("test_db",$con);
$sql = "SELECT * FROM person";
//Your missing the connection , store in a variable
$result = mysql_query($sql,$con);
echo mysql_num_rows($result);
mysql_close($con);