My column type is SMALLINT and name is user_level.
Here is the code I am using:
<?php
mysql_connect("localhost", "root", "*********");
mysql_select_db("3591_other");
$result = mysql_query("SELECT * FROM rivase_f_users WHERE user_name = '$email' AND user_pass=sha1('$passwd')");
if (!$result) {
echo mysql_error();
}
//snip
else if (mysql_fetch_assoc($result)) {
$row=mysql_fetch_assoc($result);
$_SESSION['username']=$email;
if ($row['user_level']==1) {$_SESSION['usertype']='leader';}
header("Location: index.php");
die();
}
?>
$row['user_level'] looks like to be null, but phpmyadmin says it is 1. I tried echoing it with commenting the header-location row, it did not say anything. What am I doing wrong?
try this,
else if ($row = mysql_fetch_assoc($result)) {
$_SESSION['username']=$email;
if ($row['user_level']==1) {$_SESSION['usertype']='leader';}
header("Location: index.php");
die();
}
What you're trying to accomplish is unclear to me but you are discarding the first result:
else if (mysql_fetch_assoc($result)) {
// ^^^^^^^^^^^^^^^^^ Read and discard
$row=mysql_fetch_assoc($result);
// ^^^^^^^^^^^^^^^^^ Read next row
You are experiencing a logical if-else bug.
You are reading the value of next mysql_fetch_assoc() after testing the output result of the first call in the else condition, but you wanted to read the value from first returned result.
Based on your code try this
<?php
mysql_connect("localhost", "root", "*********");
mysql_select_db("3591_other");
$result = mysql_query("SELECT * FROM rivase_f_users WHERE user_name = '$email' AND user_pass=sha1('$passwd')");
if (!$result) {
echo mysql_error();
}
//snip
else if ($row=mysql_fetch_assoc($result)) {
$_SESSION['username']=$email;
if ($row['user_level']==1) {$_SESSION['usertype']='leader';}
header("Location: index.php");
die();
}
?>
I've changed the else if check to save the row when doing the comparison.
Related
<?php
{
session_start();
include "dbconnect.php";
echo "email=".$_SESSION['email'];
$result = mysql_query("SELECT uid FROM master WHERE emailid='{$_SESSION['email']}'");
while($uid = mysqli_fetch_array($result))
{
echo $row[uid];
}
it is giving result for 1st echo ie email but for 2nd the error is
email=asdas#g.com
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, resource given in C:\xampp\htdocs\mymainproject\upload1.php on line 9
please help
You're using mysql_query and mysqli_fetch_array functions which belong to different database drivers.
You should choose one. In this case - it's mysqli.
PS: the first curly brace { right after <?php looks weird
Here are a few examples:
// restricted/dbconnect.php
<?php
function db(){
return new mysqli('host', 'username', 'password', 'database');
}
?>
// mysqli::fetch_object()
<?php
session_start();
if(isset($_SESSION['email'])){
include 'restricted/dbconnect.php'; $db = db();
$result = $db->query("SELECT uid FROM master WHERE emailid='{$_SESSION['email']}'");
if($result->num_rows > 0){
while($row = $result->fetch_object()){
echo "<div>column name:{$row->columnName}</div><div>other column name:{$row->otherColumnName}</div>";
}
}
else{
echo 'No results were found';
}
$result->free(); $db->close();
}
else{
header('LOCATION:otherpage.php'); die();
}
?>
// mysqli::fetch_assoc()
<?php
session_start();
if(isset($_SESSION['email'])){
include 'restricted/dbconnect.php'; $db = db();
$result = $db->query("SELECT uid FROM master WHERE emailid='{$_SESSION['email']}'");
if($result->num_rows > 0){
while($row = $result->fetch_assoc()){
echo "<div>column name:{$row['columnName']}</div><div>other column name:{$row['otherColumnName']}</div>";
}
}
else{
echo 'No results were found';
}
$result->free(); $db->close();
}
else{
header('LOCATION:otherpage.php'); die();
}
?>
// mysqli::fetch_row()
<?php
session_start();
if(isset($_SESSION['email'])){
include 'restricted/dbconnect.php'; $db = db();
$result = $db->query("SELECT uid FROM master WHERE emailid='{$_SESSION['email']}'");
if($result->num_rows > 0){
while($row = $result->fetch_row()){
echo "<div>column name:$row[0]</div><div>other column name:$row[1]</div>";
}
}
else{
echo 'No results were found';
}
$result->free(); $db->close();
}
else{
header('LOCATION:otherpage.php'); die();
}
?>
Using the Object Oriented approach will save you typing. Note that you can put single dimensional Numeric Arrays inside double quotes without curly braces.
just use mysqli_query instead. i recommend switching to pdo, its easier to pass variables.
http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly/
I am new in PHP and need help with my below code. When I am entering wrong userid instead of giving the message "userid does not exist" it is showing "password/id mismatch. Please guide me where I am wrong.
<?php
session_start();
$id = $_POST['userid'];
$pwd = $_POST['paswd'];
$con = mysqli_connect("localhost", "????", "????", "??????");
if ($con) {
$result = mysqli_query($con, "SELECT * FROM users WHERE userid=$id");
if ($result) {
$row = mysql_fetch_array($result);
if ($row["userid"] == $id && $row["paswd"] == $pwd) {
echo "Welcome! You are a authenticate user";
if ($id == $pwd)
//my default login id and password are same
{
header("Location: changepwd.html");
} else {
header("Location: dataentry.html");
}
} else {
echo "ID/Password Mismatch";
}
} else {
echo "User does not Exist !!!";
}
} else {
echo "Connection failed - ".mysqli_error()." -- ".mysqli_errno();
}
?>
The main problem you have is that you're mixing up between the mysqli and mysql functions. These two libraries are not compatible with each other; you must only use one or the other.
In other words, the following line is wrong:
$row=mysql_fetch_array($result);
It needs to be changed to use mysqli_.
While I'm here, going off-topic for a moment I would also point out a few other mistakes you're making:
You aren't escaping your SQL input. It would be extremely easy to hack your code simply by posting a malicious value to $_POST['userid']. You must use proper escaping or parameter binding. (since you're using mysqli, I recommend the latter; it's a better technique).
Your password checking is poor -- you don't appear to be doing any kind of hashing, so I guess your passwords are stored as plain text in the database. If this is the case, then your database is extremely vulnerable. You should always hash your passwords, and never store the actual password value in the database.
I've gone off topic, so I won't go any further into explaining those points; if you need help with either of these points I suggest asking separate questions (or searching here; I'm sure there's plenty of existing advice available too).
else
{
echo "ID/Password Mismatch";
}
is connected with the
if($row["userid"]==$id && $row["paswd"]==$pwd)
{
So since you are giving a wrong id. It echo's: ID/Password Mismatch
Also the else at if ($result) { wont ever show since
$result = mysqli_query($con, "SELECT * FROM users WHERE userid=$id");
You need some additionnal checks:
select * return 1 row (not 0, and not more)
you need to protect the datas entered by the html form (for example someone could enter 1 or 1 to return all rows
<?php
session_start();
$con = mysqli_connect("localhost", "????", "????", "??????");
$id = mysqli_real_escape_string($_POST['userid']);
$pwd = mysqli_real_escape_string($_POST['paswd']);
if ($con) {
// don't even do the query if data are incomplete
if (empty($id) || empty($pwd)
$result = false;
else
{
// optionnal : if userid is supposed to be a number
// $id = (int)$id;
$result = mysqli_query($con, "SELECT * FROM users WHERE userid='$id'");
}
if (mysqli_num_rows($result) != 1)
$result = false;
if ($result) {
$row = mysqli_fetch_assoc($result);
if ($row["userid"] == $id && $row["paswd"] == $pwd) {
echo "Welcome! You are a authenticate user";
if ($id == $pwd)
//my default login id and password are same
{
header("Location: changepwd.html");
} else {
header("Location: dataentry.html");
}
} else {
echo "ID/Password Mismatch";
}
} else {
echo "User does not Exist, or incomplete input";
}
} else {
echo "Connection failed - " . mysqli_error() . " -- " . mysqli_errno();
}
?>
Try with isset() method while you are checking if $result empty or not.
that is in line
if ($result) {.......}
use
if (isset($result)) { .......}
$result is always true, because mysqli_query() only returns false if query failed.
You could check if $result has actual content with empty() for example.
You can use this sql compare password as well with userid
$sql= "SELECT * FROM users WHERE userid='".$id.", and password='".$pwd."'";
I'm trying to delete records from my database using a form. Can't get this to work.
Any ideas?
include 'newsconnect.php';
$Id = $_POST['Id'];
if (empty($Id) === true {
echo 'please input an Post ID.';
} else {
if(!$_POST['Submit']) {
header('Location: http://www.hidensecrets.yourwebsolution.net/forum.php');
} else {
mysql_query("DELETE * FROM forum WHERE id = '$Id'") or die(mysql_error());
header('Location: http://www.hidensecrets.yourwebsolution.net/forum.php') ;
echo "Deleted!";
}
}
I seem to land on this page which displays no errors.
Any help is really appreciated.
Missing a closing bracket:
include 'newsconnect.php';
$Id = $_POST['Id'];
if (empty($Id)) {
//-^
echo 'please input an Post ID.';
} else {
if (!$_POST['Submit']) {
header('Location: http://www.hidensecrets.yourwebsolution.net/forum.php');
} else {
mysql_query("DELETE FROM forum WHERE id = '$Id'") or die(mysql_error());
header('Location: http://www.hidensecrets.yourwebsolution.net/forum.php');
echo "Deleted!";
}
}
Not sure which IDE you're using but most of them would show this error. You're also open to sql injection. Find out more.
What sort of issue are you facing? You're missing a closing parenthesis for if (empty($Id) === true in case the you're getting syntax error
I think that you must omit the asterisk in your delete query ! Try it and tell me the result :)
your code must use this query :
mysql_query("DELETE FROM forum WHERE id = '$Id'") or die(mysql_error());
instead of this one :
mysql_query("DELETE * FROM forum WHERE id = '$Id'") or die(mysql_error());
Hope this it will be the solution :)
This code only redirects to notenrolled.php even if the input value is correct. I want it to continue the process if the value entered is correct. Is there something wrong with my code?
<?php
//Setup connection to the database
$connect = mysql_pconnect("localhost", "root", "")
or die(mysql_error());
//Connect to the database
mysql_select_db("dbgis", $connect) or die(mysql_error());
$query = "SELECT * from tbl_student WHERE stud_id= '$stud_id' ";
$result = mysql_query($query);
$totalrows = mysql_num_rows($result);
while($row = mysql_fetch_array($result))
{
header("Location: yesno.php");
}
if($totalrows != 0)
{
header("Location: notenrolled.php");
}
?>
I tried the die(); and it seems to be working because it just says a redirection looping error with yesno.php. So I think I might have put the code in the wrong .php page.
The flow is like this: I have a guard.php page where I could search a query(stud_id) using my search form in the page. I then want to check whether the query exists and if it doesn't, I want it to redirect to notenrolled.php else if the query is found, I want it to proceed to yesno.php.
When you set a Location header, you ALWAYS immediately follow it with exit or die().
(Only if you truly understand what you are doing, might you not immediately use it, but at your own risk.)
if ($totalrows > 0)
{ // has results
header("Location: yesno.php");
exit(0);
}
else
{ // no result
header("Location: notenrolled.php");
exit(0);
}
You should not use while just to evaluate if there is a record.
while($row = mysql_fetch_array($result))
{
header("Location: yesno.php");
}
Your code always redirects to notenrolled.php because of the codition:
if($totalrows != 0)
{
header("Location: notenrolled.php");
}
//this block will always be true if your $totalrows is greater than 0
The solution: check $totalrows if is greater than 0
if ($totalrows > 0){
header("Location: yesno.php");
} else {
header("Location: notenrolled.php");
}
u can use php function mysql_affected_rows to see number off affected rows in SELECT,
if (mysql_affected_rows() == 0){
header("Location: notenrolled.php");
} else {
header("Location: yesno.php");
}
The correct way to do it is this:
if($totalrows>0)
header("Location: yesno.php");
else
header("Location: notenrolled.php");
try this
if($totalrows == 0)
{
header("Location: notenrolled.php");
die();
}
I have a php which would check for certain value if it exists in a mysql database. If the value does not exists, it would simply add the value and refresh the page once to load the page again and now it has a value in the database, would go ahead to add other values. How do I refresh page just once when it is called ?
<?php
$sname = "W3 schools C# tutorials";//$_POST["sitename"];
$stype = "C#";//$_POST["sitetype"];
$saddy = "www.w3schools.com";//$_POST["siteaddress"];
$scomm = "W3 schools C# tutorials";//$_POST["sitecomment"];
$conn = mysql_connect("localhost","root","password");
if(!$conn){
die("Could not connect: ".mysql_error());
} else {
mysql_select_db("bookmarks",$conn);
$rs = mysql_query("select TypeId from bookmarktypes where TypeName = '$stype'");
$row = mysql_fetch_array($rs);
if($row > 0 ){
//Data found, continue to add...
} else {
//No data... insert a valid one
$rs = mysql_query("insert into bookmarktypes (TypeName) values ('$stype')");
if (!$rs){
die('Error: ' . mysql_error());
} else {
//echo "inserted new type data...";
}
//echo "</html>";
}
}
mysql_close($conn);
//Refresh page once
?>
There's the comment to refresh page below after mysql close command.
Refresh it right after insert with
header('Location: url here');
exit;
Btw, read a little about sql injections
Also - mysql_close() is pointless there.
if(check=1)
{
echo "\"<meta http-equiv=\"refresh\" content=\"2;url=http://yourwebsite.com/\">\"\n";
}
if you need to print the data that you just have entered try this
header('Location: YourShowDataPage.php?id='.$_POST['id_dataEntered'])
mi apologizes if is wrong , im a begginer