Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
I just started with PHP.
I am currently working on a login script for my webpage.
When I try to run mysql_query(SELECT * FROM users WHERE username=$username)
it doesn't work.
I made sure I used the right names,
but I have always had a problem with the query function.
This is my code, does anyone see the problem?
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("host", "dbname", "password!") or die ("Couldnt connect!");
mysql_select_db("TwoogLogin") or die ('couldnt find datebase');
$query = mysql_query("SELECT * FROM users WHERE username=$username") or die ('unable to run query');
$numrows = mysql_num_rows($query);
echo $numrows;
}
else
die("Please enter a username and a password");
?>
Try this way:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username!=='' && $password!==''){
$connect = mysql_connect("host", "dbname", "password!");
if (!$connect)
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("TwoogLogin",$connect);
if (!$db_selected)
{
die ("Cannot use TwoogLogin: " . mysql_error());
}
$query = "SELECT * FROM users WHERE username='$username'";
$numrows = mysql_query($query,$connect);
echo mysql_num_rows($numrows);
mysql_close($connect);
}else{
echo "Please enter a username and a password";
}
?>
As suggested in the comment below (#Pascamel) msql_* extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username!=='' && $password!==''){
$connect = mysqli_connect("host", "dbname", "password!");
if (!$connect)
{
die('Could not connect: ' . mysqli_error());
}
$db_selected = mysqli_select_db("TwoogLogin",$connect);
$query = "SELECT * FROM users WHERE username='$username'";
$numrows = mysqli_query($query,$connect);
echo mysqli_num_rows($numrows);
mysqli_close($connect);
}else{
echo "Please enter a username and a password";
}
?>
<?php
//Set appropriate value for the following statements
$connect = mysql_connect("mysql_server", "mysql_user", "mysql_password") or die ("Couldnt connect!");
mysql_select_db("database_name",$connect) or die ('couldnt find datebase');
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username'") or die ('unable to run query');
$numrows = mysql_num_rows($query);
echo $numrows;
}
else
die("Please enter a username and a password");
?>
Bad syntax in your query! you should use username='$username'
another reason is about bad name of column are you sure the name of your columns are right??
Related
I Cannot Check whether the username already exist in database. I gone through existing questions that were answered here. None of them solved my problem. When i executes, it displays "Cannot select username from table", which i given inside die block. Code Is given below.
<?php
$username = $_POST['user_name'];
$password = $_POST['pass_word'];
$host = "localhost";
$db_username = "root";
$db_password = "";
$db_name = "my_db";
//create connection
$conn = #new mysqli($host, $db_username, $db_password, $db_name);
if (isset($_POST["submit"]))
{
# code...
//check connection established or not
if ($conn->connect_error)
{
die("Not Connected to DB");
}
else
{
$query = "SELECT 'usernamedb' FROM 'registration' WHERE usernamedb='$username'";
$result = mysqli_query($conn, $query) or die('Cannot select username from table');
if (mysqli_num_rows($result)>0)
{
$msg.="This username already exist. try Another !!";
}
else
{
$insert = "INSERT INTO 'registration'('id', 'usernamedb', 'password') VALUES ([$username],[$password])";
$insert_result = mysqli_query($conn,$insert) or die('INSERTION ERROR');
}
}
$conn->close();
}
?>
Hope someone will answer me.
First of all you should not use those unescaped queries.
But regarding your question you have an SQL error on your queries. You quoted table name. "FROM 'registration'" should be "FROM registration".
So for some reason if the password is correct it knows and takes the user to the correct user account, but if the pass is wrong, it wont log them in but still takes them to the account page that isn't logged in.
Can someone please help me out to not re-direct them if the password is wrong
<?php
session_start();
//$connection = mysqli_connect('localhost', 'root', '');
$connection = mysqli_connect("pdb18.awardspace.net","*****","******","*****");
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, '******');
if (!$select_db)
{
die("Database Selection Failed" . mysqli_error($connection));
}
$username=trim($_POST['username']);
$password=trim($_POST['password']);
//$encoded_password = base64_encode($password);
$sql = "SELECT * from register where Username='".$username."' and Password='".$password."'";
$result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
$result = $con->query($sql);
$count = mysqli_num_rows($result);
//echo $count;
if ($count == 1){
while($row = $result->fetch_assoc()) {
$id=$row['id'];
}
$_SESSION['User'] = $username;
$_SESSION['UserId'] = $id;
echo "valid";
}
else{
echo "Invalid";
}
?>
Remove this line:
$result = $con->query($sql);
You are using procedural functions, mysqli_*.
This part of code $con->query is OOP style, which you are not using in your code, and overwritting the value o $result variable.
You can use both styles, but you should use the same connection, or $connection in your case.
This is my CODE, id do not know where is the mistake but this code does not create any information on the database.
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db($dbhandle);
if(isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = mysql_query("SELECT * FROM users WHERE Username='$user'");
if(mysql_num_rows($query) > 0 ) { //check if there is already an entry for that username
echo "Username already exists!";
}else{
mysql_query("INSERT INTO users (Username, Password) VALUES ('$user', '$pass')");
header("location:begin.html");
}
}
mysql_close();
?>
Forget database name here.
change this:
$selected = mysql_select_db($dbhandle);
With
$selected = mysql_select_db($dbname,$dbhandle);
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db($dbhandle);
In above code you are not passing any database name to use, you should pass a database name instead of connection link to mysql_select_db($dbhandle);
like
$db_selected = mysql_select_db('foo', $link);
For reference
http://php.net/manual/en/function.mysql-select-db.php
Hi first of all Please use mysqli or PDO as mysql is depreciated and completely removed from PHP7.
Now your problem . You are not included database name in your mysql_select_db. It should be
$selected = mysql_select_db($dbhandle , $databasename) or die(mysql_error($dbhandle));
Always remember try to echo error after any query this will solve your problem in many cases
This is my login code, cant figure out whats wrong ( the last if, always goes to the last else ). i tried everything but still no luck.
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if($_POST['submit']){
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password FROM user WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($connection, $sql);
if($query){
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[3];
}
if ($username = $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
header('Location: users.php');
}else {
header('Location: error.php');
}
}
?>
and thas my connection code
<?php
$connection = mysql_connect('localhost', 'root', '');
if (!$connection){
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
?>
You are going to kick yourself... you have only a single = in your if.
if ($username = $dbUsername && $password == $dbPassword) {
Should be
if ($username == $dbUsername && $password == $dbPassword) {
The single = turns it into an assignment instead of a comparison.
Beyond that you are actually doing the comparison twice; once in SQL to get back the username and password, the second time in PHP. If your query returns the user id, you already know that the username/password did the trick.
You are also mixing mysql_connect and mysqli_query (and mysql_fetch_row). As the others have suggested, you need to move to the mysqli class or to PDO. But to get you going, you need to at very least change mysqli_query to mysql_query and mysqli_fetch_row to mysql_fetch_row.
Use mysql_query($connection, $sql) instead of mysqli_query($connection, $sql);
as you are using mysql_connect
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 9 years ago.
This is the code for attempting to do a update on mysql data errors stating undefined variable
mysql_connect ("localhost", "root", "");
mysql_select_db("supplierdetails");
$con = mysql_connect("localhost", "root", "");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//Run a query
$result = mysql_query ("SELECT * FROM users WHERE id= '$id'");
while ($row = mysql_fetch_array($result))
{
$username=$row['username'];
$password=$row['password'];
}
$query = "UPDATE users SET username = '$username', password = '$password' WHERE id = '$id'";
$result = #mysql_query($query);
//Check whether the query was successful or not
if($result) {
header("message= Users Updated");
}else {
die("Query failed");
}
?>
You miss the $id value?
And can use echo to debug or check script result, not header
http://php.net/manual/en/function.header.php
Please be more specific with regards to which variable is undefined.
In the code you've posted $username and $password are only set if $result returns a result, if it doesn't then your while loop will not run and therefore $username and $password will never be set.
Also $id doesn't look as if that has been set either, unless this has been set outside of the code which you have included in your question.
Hope this helps :)
you used 2 connect no need to do while and you forgot $id
$con = mysql_connect("localhost", "root", "");
mysql_select_db("supplierdetails");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$id = $_POST['id'];
$username=$_POST['username'];
$password=$_POST['password'];
$query = "UPDATE users SET username = '".$username."', password = '".$password."' WHERE id = '".$id."'";
$result = mysql_query($query);
//Check whether the query was successful or not
if($result) {
echo "message= Users Updated";
}else {
die("Query failed");
}
?>