I have tried to read and do (incorporate) anything I find on here. But I have not found the solution. I'm using wamp server and I have a user table with 2 users one with email and password as test and test1 and no matter what I try the if statement always returns false.
<?php
$user = "root";
$pass = "";
$db = "testdb";
$db = new mysqli("localhost", $user, $pass, $db) or die("did not work");
echo "it connected";
$email = "test";
$pass1 = "test1";
$qry = 'SELECT * FROM user WHERE email = " '. $email .' " AND password = " '.$pass1.' " ';
$result = mysqli_query($db, $qry) or die(" did not query");
$count = mysqli_num_rows($result);
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
?>
I have tried to augment mysqli_num_rows but then it comes out always true
You have spaces in your query around your variables:
" '. $email .' "
change to:
"'. $email .'"
MySQL will take those spaces literally when it searches for matches.
I needed to eliminate the blank spaces in the encapsulation of the variable
<?php
$user = "root";
$pass = "";
$db = "testdb";
$db = new mysqli("localhost", $user, $pass, $db) or die("did not work");
echo "it connected";
$email = "test";
$pass1 = "test1";
$qry = 'SELECT * FROM user WHERE email = "'. $email .'" AND password = "'.$pass1.'"';
$result = mysqli_query($db, $qry) or die(" did not query");
$count = mysqli_num_rows($result);
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
?>
If you are using mysqli class version then you should use like below :
<?php
$user = "root";
$pass = "";
$db = "testdb";
$mysqli = new mysqli("localhost", $user, $pass, $db);
$email = "test";
$pass1 = "test1";
$qry = sprintf('SELECT * FROM user WHERE email = "%s" AND password = "%s"',$email,$pass1);
$result = $mysqli->query($qry);
$count = $result->num_rows;
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
$mysqli->close();
?>
Related
I have looked at similar questions on here and have found none that help me with this issue.
I have a database which contains a user table for name, email and password.
My HTML is a very basic form:
<form action = "" method = "post">
<label>Email :</label><input type = "text" name = "email" >
<label>Password :</label><input type = "password" name = "password" />
<input type = "submit" value = " Submit "/>
</form>
My php is:
$servername = "localhost";
$username = "student_user";
$password = "";
$db_name = "Student_db";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $db_name);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if($_SERVER["REQUEST_METHOD"] == "POST") {
$email - mysqli_real_escape_string($conn,$_POST['email']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
$sql = ("SELECT * FROM user WHERE u_email = '$email' and u_password = '$password'");
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $email and $mypassword, table row must be 1 row
if($count == 1) {
echo "Login Successful";
}else {
echo "Login Unsuccessful";
}
}
When I enter the correct generic email and password I have in the database, it still echos that the login is unsuccessful. I'm not sure why.
$email - replace with $email =
$servername = "localhost";
$username = "student_user";
$password = "";
$db_name = "Student_db";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $db_name);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if($_SERVER["REQUEST_METHOD"] == "POST") {
$email = mysqli_real_escape_string($conn,$_POST['email']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
$sql = ("SELECT * FROM user WHERE u_email = '$email' and u_password = '$password'");
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $email and $mypassword, table row must be 1 row
if($count == 1) {
echo "Login Successful";
}else {
echo "Login Unsuccessful";
}
}
There is issue with your assignment operator in your php code.
You are using
$email - mysqli_real_escape_string($conn,$_POST['email']);
Which is wrong you have to use
$email = mysqli_real_escape_string($conn,$_POST['email']);
you are using "-" insted of "="
here am trying to get username and password from the database and if their result is found then redirect to some page but mysqli_num_rows returns 0 always i dunno why `
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `login` WHERE username = '$username' AND password = '$password'";
$run = mysqli_query($con,$query);
if (mysqli_num_rows($run) == 1) {
header("location: login.php");
}}?>
`
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "ornament"; // My local DB Name
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$username = "test"; // $_POST["username"] value
$password = "test"; // $_POST["password"] value
$sql = "SELECT * FROM `ornament` WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1) {
echo "correct";
} else {
echo "wrong";
}
mysqli_close($conn);
?>
</body>
</html>
OUTPUT:
correct
I have a database name and table name are same, But for me it's working fine.
NOTE: Please check the whether you are using correct password while getting from POST.
Any how you got a solution, Have a great day
Thanks
Muthu
I was trying to make a page where you can log in and then change your nickname or/and password. Everything in mySQL database, but when I try to save the id to session variable, it doesn't work. Any suggestions?
I am using XAMPP, users is my table in database users, I'm not posting login form code, because it's very simple.
Everything is connected, code doesn't give any warnings or errors.
login.php (fragment):
$sql = "SELECT * FROM users WHERE nickname = '$myusername' and pass = '$mypassword' and confirmed = 1";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$logged = true;
while($row = mysqli_fetch_assoc($result)) {
echo "id: " . $row["id"];
$_SESSION['currentId'] = $row["id"];
echo 'Id: ' . $_SESSION['currentId'];
}
}else {
$error = "Your Login Name or Password is invalid";
}
}
change.php (whole):
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "Users";
$currentId = $_SESSION['currentId'];
if($currentId<1){echo 'No Id.';}
else {echo 'CurrentId: ';
echo $currentId;}
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully <br>";
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$aCUname = mysqli_real_escape_string($conn,$_POST['CUname']);
$aCUpass = mysqli_real_escape_string($conn,$_POST['CUpass']);
$sql = "UPDATE users SET nickname = '$aCUname', pass = '$aCUpass' WHERE id = '$currentId';";
$result = mysqli_query($conn,$sql);
echo 'Updated successfully.';
}
?>
Thanks for help.
I got a solution. I just had to delete
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
from login.php. Thanks to #Shashikumar Misal !
I am trying to use php to check my database to see if a value exists. My main goal is to use this value
$_GET['UDID']
and if it is equal to any value that is in the database it will return
echo 'FOUND';
I am using this code:
<?php
$servername = "*****";
$username = "*****";
$password = "*****";
$dbname = "*****";
$connect = new mysqli($servername, $username, $password, $dbname);
if ($connect->connect_error) {
die("CONNECTION FAILED: " . $connect->connect_error);
}
$udid = $_GET['UDID'];
$id = mysqli_real_escape_string($connect, $udid);
$result = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '$id'");
if($result === FALSE) {
die("ERROR: " . mysqli_error($result));
}
else {
while ($row = mysqli_fetch_array($result)) {
if($row['udid'] == $udid) {
$results = 'Your device is already registered on our servers.';
$results2 = 'Please click the install button below.';
$button = 'Install';
$buttonlink = 'https://**link here**';
}
else {
$results = 'Your device is not registered on our servers';
$results2 = 'Please click the request access button below.';
$button = 'Request Access';
$buttonlink = 'https://**link here**';
}
}
}
?>
But for some reason it is not working, I am sure I am over looking something. your help is greatly appreciated.
Try this:
$sql = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '" .$udid. "'");
And also, make sure to set the value from 'GET' to $udid. Should be like this:
$udid = $_GET['UDID'];
We can use mysqli_fetch_array() instead to get the result row. I also include error handling. Now your code must look like this :
$udid = $_GET['UDID'];
$id = mysqli_real_escape_string($connect, $udid);
$result = mysqli_query($connect, "SELECT `udid` FROM `wmaystec_WMT-SS`.`data` = '$id'");
if($result === FALSE) {
die(mysqli_error("error message for the user")); //error handling
}
else {
while ($row = mysqli_fetch_array($result)) {
echo "FOUND :" .$row['thefieldnameofUDIDfromyourDB'];
}
}
I would suggest you to first escape the string, using the mysqli_real_escape_string function, and then call the SQL query.
$udid = mysqli_real_escape_string($connect, $udid);
$sql = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '$udid'");
I created a members table on my database and entered the username row as user and the password row as password. Then I wrote a script that has to display the password and the username in a database. This is it:
<?PHP
$user_name = "root";
$password = "Hunter123";
$database = "adventure_of_dragons";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$SQL = "SELECT * FROM members";
$result = mysql_query($SQL);
while ( $db_field = mysql_fetch_assoc($result) ) {
$id = array($db_field['member_id']); "<BR>";
$username = array($db_field['username']); "<BR>";
$password = array($db_field['password']); "<BR>";
$rank = array($db_field['rank']); "<BR>";
print_r($username);
print_r($password);
}
mysql_close($db_handle);
}
else {
print "Database NOT Found " . $db_handle;
}
?>
but when i run the code it displays this:
Array ( [0] => user ) Array ( [0] => password )
how do I make it display the text like this:
-User -Password
Please help.
That's simple. Just don't make arrays of them in the first place, and use regular echo.
Other bugs in the code
print_r is a debug function (just like var_dump), it is not used for printing out data to user.
Also, this statement: "<BR>"; simply means nothing.
You must echo it for it to have any effect at all.
Another thing is that you've overwritten the DB connection variables in your fetching loop. It's better to use constants for this, like shown below.
Here's your code, fixed
<?php
define("DB_USERNAME", "root");
define("DB_PASSWORD", "Hunter123");
define("DB_DATABASE", "adventure_of_dragons");
define("DB_SERVER", "127.0.0.1");
$db_handle = mysql_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD);
$db_found = mysql_select_db(DB_DATABASE, $db_handle);
if ($db_found || true) {
$SQL = "SELECT * FROM members";
$result = mysql_query($SQL) or die(mysql_error());
while ( $row = mysql_fetch_assoc($result) ) {
$id = $row['member_id'];
$username = $row['username'];
$password = $row['password'];
$rank = $row['rank'];
echo 'ID = ' . $id . '<br>';
echo 'RANK = ' . $rank . '<br>';
echo 'USERNAME = ' . $username . '<br>';
echo 'PASSWORD = ' . $password . '<br><br>';
// two <br>'s, so we get an empty line between users
}
mysql_close($db_handle);
} else {
echo "Database NOT Found " . $db_handle;
}