---------------conn.php-----------------
<?php
session_start();
function conn{
$hostname = "localhost";
$userDB = "root";
$password = "";
$databaseName = "forum";
$con = mysql_connect($hostname, $userDB, $password) or
die("failed to connect");
mysql_select_db($databaseName, $con) or
die("failed to connect with database");
}
?>
---------------------logindata.php------------
<?php
session_start();
conn();
$myusername = mysql_real_escape_string($_POST['username']);
$mypassword = mysql_real_escape_string($_POST['password']);
$query = mysql_query("select * from users where username = '" . $myusername . "' and password = '" . $mypassword . "' ");
if (mysql_num_rows($query) < 1) {
echo "wrong";
} else {
$_SESSION['username'] = $myusername;
$query = mysql_query("select * from users where username = '" . $myusername . "' and password = '" . $mypassword . "' ");
$row = mysql_fetch_assoc($query);
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['email'] = $row['email'];
echo '<meta http-equiv="Refresh" content="0; URL=posts.php" />';
}
mysql_close($con);
?>
The error appears is (( ( ! ) Fatal error: Call to undefined function conn() in C:\wamp\www\TechnologySociety\logindata.php on line 6
))
when i call the function
You need to include conn.php in logindata.php
//logindata.php
<?php
....
include("conn.php");
session_start();
You are calling session_start() twice, so that will generate another error.
You should also look at using mysqli instead of mysql
you only need to start the session ones -- session_start();
you doc session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
also don't forget to include the connection function..
include_once('conn.php');
Try this code for logindata.php
<?php
require('conn.php');
session_start();
conn();
$myusername = mysql_real_escape_string($_POST['username']);
$mypassword = mysql_real_escape_string($_POST['password']);
$query = mysql_query("select * from users where username = '" . $myusername . "' and password = '" . $mypassword . "' ");
if (mysql_num_rows($query) < 1) {
echo "wrong";
} else {
$_SESSION['username'] = $myusername;
$query = mysql_query("select * from users where username = '" . $myusername . "' and password = '" . $mypassword . "' ");
$row = mysql_fetch_assoc($query);
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['email'] = $row['email'];
echo '<meta http-equiv="Refresh" content="0; URL=posts.php" />';
}
mysql_close($con);
?>
--------------- logindata.php ------------
at this line at the top of logindata.php
include_once("conn.php");
you are missing
required conn.php
before
conn();
Also in logindata.php there is no need to call
session_start();
since it is already called in conn.php and after including it with required() it will be added and called
also in conn.php add parentheses to the function definition
function conn(){
change
function conn{
to:
function conn(){
and return the connection at end of function
function conn(){
$hostname = "localhost";
$userDB = "root";
$password = "";
$databaseName = "forum";
$con = mysql_connect($hostname, $userDB, $password) or
die("failed to connect");
mysql_select_db($databaseName, $con) or
die("failed to connect with database");
return $con;
}
who you should call,
$link = conn();
$query = mysql_query($sql, $link);
Related
I have tried to read and do (incorporate) anything I find on here. But I have not found the solution. I'm using wamp server and I have a user table with 2 users one with email and password as test and test1 and no matter what I try the if statement always returns false.
<?php
$user = "root";
$pass = "";
$db = "testdb";
$db = new mysqli("localhost", $user, $pass, $db) or die("did not work");
echo "it connected";
$email = "test";
$pass1 = "test1";
$qry = 'SELECT * FROM user WHERE email = " '. $email .' " AND password = " '.$pass1.' " ';
$result = mysqli_query($db, $qry) or die(" did not query");
$count = mysqli_num_rows($result);
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
?>
I have tried to augment mysqli_num_rows but then it comes out always true
You have spaces in your query around your variables:
" '. $email .' "
change to:
"'. $email .'"
MySQL will take those spaces literally when it searches for matches.
I needed to eliminate the blank spaces in the encapsulation of the variable
<?php
$user = "root";
$pass = "";
$db = "testdb";
$db = new mysqli("localhost", $user, $pass, $db) or die("did not work");
echo "it connected";
$email = "test";
$pass1 = "test1";
$qry = 'SELECT * FROM user WHERE email = "'. $email .'" AND password = "'.$pass1.'"';
$result = mysqli_query($db, $qry) or die(" did not query");
$count = mysqli_num_rows($result);
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
?>
If you are using mysqli class version then you should use like below :
<?php
$user = "root";
$pass = "";
$db = "testdb";
$mysqli = new mysqli("localhost", $user, $pass, $db);
$email = "test";
$pass1 = "test1";
$qry = sprintf('SELECT * FROM user WHERE email = "%s" AND password = "%s"',$email,$pass1);
$result = $mysqli->query($qry);
$count = $result->num_rows;
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
$mysqli->close();
?>
Using the code below, I was able to display each username and trial 1/0 flag in the table. What I want to do is display the data only for the existing user so I can say something like "Hello USERNAME, you have TRIAL access..." etc...
We're using standard HTACESS as the un/pass to enter the info area.
What needs to change here to only show the existing user's session?
<?PHP
$user_name = "blahblahblah";
$password = "blahblahblah";
$database = "blahblahblah";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$SQL = "SELECT * FROM member_auth";
$result = mysql_query($SQL);
while ( $db_field = mysql_fetch_array($result) ) {
print $db_field['username'] . " : ";
print $db_field['trial'] . " <br> ";
}
mysql_close($db_handle);
}
else {
print "Database NOT Found ";
mysql_close($db_handle);
}
?>
please don't use mysql_ functions.. look into PDO or MySQLi here: http://www.phptherightway.com/#databases
Update your query to only return specific user results.
Using Form POST:
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
Using URL Parameters:
$username = mysql_real_escape_string($_GET["username"]);
$password = mysql_real_escape_string($_GET["password"]);
So your SQL query will now look like:
$SQL = "SELECT * FROM member_auth WHERE username = '" . $username . "' AND password = '" . $password . "'";
I've got the php script but it doesn't seem to run the while on it.
It's always worked before but today it didn't work.
include('../conect_to_myspl.php');
$email = $_GET['e'];
$password = $_GET['p'];
$remember = $_GET['r'];
$selectEmail = mysql_query("SELECT * FROM users WHERE email='$email'");
while($row = mysql_fetch_assoc($selectEmail)){
$passowrdFromDB = $row['password'];
$username = $row['username'];
if($passowrdFromDB == $password){
session_start();
$_SESSION['username'] = $username;
echo 1 ;
}else{
echo 0 ;
}
}
$foo="foo";
$selectFoo = mysql_query("SELECT * FROM users WHERE email='".mysql_real_escape_string($foo)."'");
if($error = mysql_error()) die("Got an error: ".$error);
while($row = mysql_fetch_assoc($selectFoo)){
echo 'yay';
}
I have sanitized the input string and used the mysql_error function to further investigate on the problem. Try this way.
However, you should switch to mysqli since the mysql extension will be removed in the future.
"i only get "Deprecated : mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in "
I'm willing to bet my last dollar that your DB connection is mysqli_* and not mysql_* based. Yet, if it is mysql_ then you need to change that to mysqli_ see my example test that follows.
Change all instances of mysql_ to mysqli_ and add $con before SELECT or whatever variable you are using for DB connection in your connect file.
Assuming DB connection variable is $con (tested with a similar DB I already have on my server).
include('../conect_to_myspl.php');
$email = $_GET['e'];
$password = $_GET['p'];
$remember = $_GET['r'];
$selectEmail = mysqli_query($con, "SELECT * FROM users WHERE email='$email'");
while($row = mysqli_fetch_assoc($selectEmail)){
$passowrdFromDB = $row['password'];
$username = $row['username'];
if($passowrdFromDB == $password){
session_start();
$_SESSION['username'] = $username;
echo 1 ;
}else{
echo 0 ;
}
}
Add error reporting to the top of your file(s)
error_reporting(E_ALL);
ini_set('display_errors', 1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
This is the code I tested with, using all mysqli_* functions for connection and query.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
/*
$email = $_GET['e'];
$password = $_GET['p'];
$remember = $_GET['r'];
$selectEmail = mysql_query("SELECT * FROM users WHERE email='$email'");
while($row = mysql_fetch_assoc($selectEmail)){
$passowrdFromDB = $row['password'];
$username = $row['username'];
if($passowrdFromDB == $password){
session_start();
$_SESSION['username'] = $username;
echo 1 ;
}else{
echo 0 ;
}
}
*/
$DB_HOST = "xxx";
$DB_NAME = "xxx";
$DB_PASS = "xxx";
$DB_USER = "xxx";
$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($db->connect_errno > 0) {
die('Connection failed [' . $db->connect_error . ']');
}
if($db->connect_errno > 0){
die('Unable to connect [' . $db->connect_errno . ']');
}
$email = "user1";
$password = "123";
// $remember = $_GET['r'];
$selectEmail = mysqli_query($db,"SELECT * FROM users WHERE email='$email'");
while($row = mysqli_fetch_assoc($selectEmail)){
$passowrdFromDB = $row['password'];
$username = $row['username'];
if($passowrdFromDB == $password){
session_start();
$_SESSION['username'] = $username;
echo 1 ;
}else{
echo 0 ;
}
}
"yeah it is ,but when i change it (all of my mysql_) to mysqi_ it give me this error " mysql_fetch_assoc() expects parameter 1 to be resource, boolean given""
You're still using mysql_fetch_assoc() those two APIs do NOT mix. Everywhere where it says mysql_ MUST be changed to mysqli_ notice the i? Use mysqli_fetch_assoc()
Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)
I created a members table on my database and entered the username row as user and the password row as password. Then I wrote a script that has to display the password and the username in a database. This is it:
<?PHP
$user_name = "root";
$password = "Hunter123";
$database = "adventure_of_dragons";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$SQL = "SELECT * FROM members";
$result = mysql_query($SQL);
while ( $db_field = mysql_fetch_assoc($result) ) {
$id = array($db_field['member_id']); "<BR>";
$username = array($db_field['username']); "<BR>";
$password = array($db_field['password']); "<BR>";
$rank = array($db_field['rank']); "<BR>";
print_r($username);
print_r($password);
}
mysql_close($db_handle);
}
else {
print "Database NOT Found " . $db_handle;
}
?>
but when i run the code it displays this:
Array ( [0] => user ) Array ( [0] => password )
how do I make it display the text like this:
-User -Password
Please help.
That's simple. Just don't make arrays of them in the first place, and use regular echo.
Other bugs in the code
print_r is a debug function (just like var_dump), it is not used for printing out data to user.
Also, this statement: "<BR>"; simply means nothing.
You must echo it for it to have any effect at all.
Another thing is that you've overwritten the DB connection variables in your fetching loop. It's better to use constants for this, like shown below.
Here's your code, fixed
<?php
define("DB_USERNAME", "root");
define("DB_PASSWORD", "Hunter123");
define("DB_DATABASE", "adventure_of_dragons");
define("DB_SERVER", "127.0.0.1");
$db_handle = mysql_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD);
$db_found = mysql_select_db(DB_DATABASE, $db_handle);
if ($db_found || true) {
$SQL = "SELECT * FROM members";
$result = mysql_query($SQL) or die(mysql_error());
while ( $row = mysql_fetch_assoc($result) ) {
$id = $row['member_id'];
$username = $row['username'];
$password = $row['password'];
$rank = $row['rank'];
echo 'ID = ' . $id . '<br>';
echo 'RANK = ' . $rank . '<br>';
echo 'USERNAME = ' . $username . '<br>';
echo 'PASSWORD = ' . $password . '<br><br>';
// two <br>'s, so we get an empty line between users
}
mysql_close($db_handle);
} else {
echo "Database NOT Found " . $db_handle;
}
Folks, Please check my code..am executing the below code by http://localhost/mycart/login.php?is_ajax=1&username=srini&password=srini Then am getting this error even though passing valid user name and password. kindly help me thanks
mysql_num_rows() expects parameter 1 to be resource, boolean given in
C:\wamp\www\mycart\login.php on line 25 and username 'srini' and password 'srini' not found
<?php
$is_ajax = $_REQUEST['is_ajax'];
if (isset($is_ajax) && $is_ajax) {
error_reporting(E_ALL ^ E_NOTICE);
$uname = $_REQUEST['username'];
$pword = $_REQUEST['password'];
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);
echo $uname;
echo $pword;
$con = mysql_connect("localhost", "root", "root");
if (!$con) {
die('Connection Failed' . mysql_error());
}
mysql_select_db("test", $con);
$result = mysql_query("SELECT * FROM login WHERE L1 = $uname AND L2 = $pword");
$num_rows = mysql_num_rows($result);
if ($num_rows > 0)
echo "success";
else
echo "username '{$uname}' and password '{$pword}' not found";
mysql_close($con);
}
?>
Your result is probably false. Try this:
$result = mysql_query("SELECT * FROM login WHERE L1 = '".$uname."' AND L2 = '".$pword."'");
Use ' in your SQL query to mask string values:
$result = mysql_query("SELECT * FROM login WHERE L1 = '" . $uname . "' AND L2 = '" . $pword . "'");