I'm trying to get the user's login details from the database using $SETTINGS["admin_username"] and also the password. I have defined them as 'user' (for username) and pass (for password), and I want them to be pulled from database table userLogin.
Any ideas? Please help, I have tried everything but the page either doesn't open or it doesn't work at all.
<?php
error_reporting(0);
$SETTINGS["admin_username"]='user';
$SETTINGS["admin_password"]='pass';
$SETTINGS["mysql_user"]='user';
$SETTINGS["mysql_pass"]='pass';
$SETTINGS["hostname"]='localhost';
$SETTINGS["mysql_database"]='db_db';
$connection = mysql_connect($SETTINGS["hostname"], $SETTINGS["mysql_user"], $SETTINGS["mysql_pass"]) or die ('request "Unable to connect to MySQL server."'.mysql_error());
$db = mysql_select_db($SETTINGS["mysql_databas… $connection) or die ('request "Unable to select database."');
?>
I can't read your code, so I try to write it again, here:
<?php
error_reporting(0);
$SETTINGS["admin_username"]='user';
$SETTINGS["admin_password"]='pass';
$SETTINGS["mysql_user"]='user';
$SETTINGS["mysql_pass"]='pass';
$SETTINGS["hostname"]='localhost';
$SETTINGS["mysql_database"]='db_db';
$connection = mysql_connect($SETTINGS["hostname"], $SETTINGS["mysql_user"], $SETTINGS["mysql_pass"]) or die ('request "Unable to connect to MySQL server."'.mysql_error());
$db = mysql_select_db($SETTINGS["mysql_database", $connection) or die ('request "Unable to select database."');
$sql = "SELECT * FROM userLogin LIMIT 1";
$rs = mysql_query($sql, $connection) or die(__LINE__.":".mysql_error());
while(false !== ($r = mysql_fetch_assoc($rs)))
{
$SETTINGS["admin_username"]=$r['field_user'];
$SETTINGS["admin_password"]=$r['field_pass'];
}
?>
Notice this line:
$sql = "SELECT * FROM userLogin LIMIT 1";
I use this in assumption that you only have 1 entry on table userLogin. If it's not, maybe you can use the following alternative query (because I don't know your current table's schema):
$sql = "SELECT * FROM userLogin WHERE field_user = 'admin'";
For starters, you've got an error in your syntax, Line 12 (and so does silent in his reproduction):
$db = mysql_select_db($SETTINGS["mysql_databas… $connection) or die ('request "Unable to select database."');
I'm guessing you want
$db = mysql_select_db($SETTINGS["mysql_database"], $connection) or die ('request "Unable to select database."');
Related
Mysql is deprecated. I have a code in mysql that I would like to convert to mysqli, but I don't succeed.
The code works, but I have error messages "The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead"
Here is the initial code:
$connection = mysql_connect('host','root','password') or die ("Couldn't connect to server.");
$db = mysql_select_db('database_name', $connection) or die ("Couldn't select database.");
$result = mysql_query("SELECT * FROM customers WHERE cust_number ='$Cust_Number' ");
if( mysql_num_rows($result) > 0) {
mysql_query("UPDATE `customers` SET cust_name='$Cust_Name', cust_phone='$Cust_Phone', cust_phone1='$Cust_Phone1', cust_email='$Cust_Email', cust_address='$Cust_Address' ");
}
else
{
mysql_query("INSERT INTO customers (cust_number, cust_name, cust_phone, cust_phone1, cust_email, cust_address) VALUES ('$Cust_Number', '$Cust_Name', '$Cust_Phone', '$Cust_Phone1', '$Cust_Email', '$Cust_Address') ");
}
I tried the following conversion:
$connection = mysqli_connect('host','root','password') or die ("Couldn't connect to server.");
$db = mysqli_select_db($connection,'database_name') or die ("Couldn't select database.");
if( mysqli_num_rows($result) > 0) {
mysqli_query($connections,"UPDATE `customers` SET cust_name='$Cust_Name', cust_phone='$Cust_Phone', cust_phone1='$Cust_Phone1', cust_email='$Cust_Email', cust_address='$Cust_Address' ");
}
else
{
mysqli_query($connections,"INSERT INTO customers (cust_number, cust_name, cust_phone, cust_phone1, cust_email, cust_address) VALUES ('$Cust_Number', '$Cust_Name', '$Cust_Phone', '$Cust_Phone1', '$Cust_Email', '$Cust_Address') ");
}
But it doesn't work.
Can someone help me convert the initial code in mysqli or PDO?
Your mysqli_query() calls $connections, whereas your connection is $connection -- this is why your code is failing.
It is, however, worth noting that as it stands, your code is vulnerable to SQL injection. To avoid this, you'll want to make use of prepared statements (something which didn't exist with the MySQL connector).
This can be done with the following:
$connection = mysqli_connect('host','root','password') or die ("Couldn't connect to server.");
$db = mysqli_select_db($connection,'database_name') or die ("Couldn't select database.");
if (mysqli_num_rows($result) > 0) {
$stmt = $this->mysqli->prepare("UPDATE `customers` SET cust_name='?', cust_phone='?', cust_phone1='?', cust_email='?', cust_address='?'");
$stmt->bind_param('sssss', $Cust_Name, $Cust_Phone, $Cust_Phone1, $Cust_Email, $Cust_Address);
$stmt->execute();
}
else
{
$stmt = $this->mysqli->prepare("INSERT INTO customers (cust_number, cust_name, cust_phone, cust_phone1, cust_email, cust_address) VALUES ('?', '?', '?', '?', '?', '?') ");
$stmt->bind_param('ssssss', $Cust_Number, $Cust_Name, $Cust_Phone, $Cust_Phone1, $Cust_Email, $Cust_Address);
$stmt->execute();
}
Yes it connects to the database, everything else works fine. I cant seem to pull the pass from the db its showing no returned echo
<?php
$username="test";
include("db.php");
$con=mysql_connect($server, $db_user, $db_pwd) //connect to the database server
or die ("Could not connect to mysql because ".mysql_error());
mysql_select_db($db_name) //select the database
or die ("Could not select to mysql because ".mysql_error());
$query="select password from ".$table_name." where username='$username'";
$result=mysql_query($query,$con) or die('error');
while ($row = mysql_fetch_assoc($result));
$un_pass_s1=$row['password'];
echo $un_pass_s1;
?>
while ($row = mysql_fetch_assoc($result)); loops until $row is false. The loop body is a single empty statement, ;. You need to put your code which accesses $row inside the loop, not after it.
$sql=mysql_query("select password from ".$table_name." where username='$username'");
while($row=mysql_fetch_array($sql))
{
$un_pass_s1=$row['password'];
}
echo "value=".$un_pass_s1;
I'm fairly new to SQL and PHP.
I'm trying to write a simple login script. I have a form in a HTML document that I have proved posts the correct data into the 2 variables required but my script fails when it executes the SQL...
I've also tested the SQL in mysqlWorkbench and I get the result I want ???
Please help.
Here is my script:
<?PHP
$odbc = mysql_connect('localhost', 'root', '') or die ("could not connect to database");
mysql_select_db('examresults', $odbc) or die("Could not find database");
// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
$sql='SELECT * FROM tuser where username = '.$username.' and password = '.$password.'';
$result = mysql_query($sql, $odbc) or die ("Error in SQL");
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
//If result matched username and password, table row must only equal 1 row
if($count==1)
{
header("location:exammenu.php");
}
else
{
echo 'username and password do not match';
}
?>
Note: mysql_* functions are deprecated, you should not use them anymore. Your code is also vulnerable to SQL Injections.
Using mysql_error instead of just printing out "Error in SQL" would give us (and you) a more detailed sql error message. But most likely it is failing because you forgot to put " " around your strings in the query.
$sql='SELECT * FROM tuser where username = "'.$username.'" and password = "'.$password.'"';
If you're really going to need to use mysql, at least sanitize your input. Also note the quotes in the $sql variable. This should work (though not tested):
<?PHP
$odbc = mysql_connect('localhost', 'root', '') or die ("could not connect to database");
mysql_select_db('examresults', $odbc) or die("Could not find database");
// username and password sent from form
$username=mysql_real_escape_string($_POST['username'], $odbc);
$password=mysql_real_escape_string($_POST['password'], $odbc);
$sql=sprintf('SELECT * FROM tuser where username = "%s" and password = "%s"', $username, $password);
$result = mysql_query($sql, $odbc) or die ("Error in SQL");
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
//If result matched username and password, table row must only equal 1 row
if($count==1)
{
header("location:exammenu.php");
}
else
{
echo 'username and password do not match';
}
I suggest using sprintf to format your sql statement to make it easier to spot such errors.
The query should be as below:
$sql='SELECT * FROM tuser where username = "'.$username.'" and password = "'.$password.'"';
you can try this code. i think it will work correctly.
<?PHP
$odbc = mysql_connect('localhost', 'root', '') or die ("could not connect to database");
mysql_select_db('examresults', $odbc) or die("Could not find database");
// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
$sql="SELECT * FROM tuser where username = '".$username."' and password = '".$password."'";
$result = mysql_query($sql, $odbc) or die ("Error in SQL");
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
//If result matched username and password, table row must only equal 1 row
if($count==1)
{
header("location:exammenu.php");
}
else
{
echo 'username and password do not match';
}
?>
Here is my error:
Warning: mysql_query() expects parameter 2 to be resource, null given...
This refers to line 23 of my code which is:
$result = mysql_query($sql, $connection)
My entire query code looks like this:
$query = "SELECT * from users WHERE userid='".intval( $_SESSION['SESS_USERID'] )."'";
$result = mysql_query($query, $connection)
or die ("Couldn't perform query $query <br />".mysql_error());
$row = mysql_fetch_array($result);
I don't have a clue what has happpened here. All I wanted to do was to have the value of the users 'fullname' displayed in the header section of my web page. So I am outputting this code immediately after to try and achieve this:
echo 'Hello '; echo $row['fullname'];
Before this change, I had it working perfectly, where the session variable of fullname was echoed $_SESSION['SESS_NAME']. However, because my user can update their information (including their name), I wanted the name displayed in the header to be updated accordingly, and not displaying the session value.
Your $connection variable is NULL that's what your error message is referring to.
Reason being is that you have not called mysql_connect. Once called it will assign you a resource where you can set it to the $connection variable, thus being non-null.
As an example:
$connection = mysql_connect('localhost', 'mysql_user', 'mysql_password');
// now $connection has a resource that you can pass to mysql_query
$query = "SELECT * from users WHERE userid='".
intval( $_SESSION['SESS_USERID'] )."'";
$result = mysql_query($query, $connection)
include the mysql connections on your class file, for example:
connections/mysql.php
<?
$hostname_MySQL = "localhost";
$database_MySQL = "database";
$username_MySQL = "user";
$password_MySQL = "password";
$MySQL = mysql_pconnect($hostname_MySQL, $username_MySQL, $password_MySQL) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_MySQL,$MySQL);
?>
class.php
<?
include "Connections/MySQL.php";
class utils {
public function myFunction()
{
global $MySQL;
$sql = "select * from table";
$rs = mysql_query($sql, $MySQL) or die(mysql_error());
$filas = mysql_fetch_assoc($rs);
$totalFilas = mysql_num_rows($rs);
...
}
}
?>
You have two ways of doing this, you need to use mysql_connect to connect to your database, you can pass this to mysql_query if you desire, if you don't pass anything to mysql_query PHP uses the last link opened from mysql_connect
$conn = mysql_connect("localhost", "mysql_user", "mysql_password");
$sql = "SELECT id as userid, fullname, userstatus
FROM sometable
WHERE userstatus = 1";
$result = mysql_query($sql);
Have you connected to your database? If so please show this code too.
For now, just try removing the $connection variable, like this:
$result = mysql_query($query);
And see where that gets you.
$connection is assigned the value of the database connection resource id. You don't have that in your script, so the value of $connection is NULL, and that is why you are getting the error. You need to connect to the database before using mysql_query(). You should be okay after that.
You need to do:
$connection=mysql_connect('host','user','pass');
if($connection === false) {
echo "Error in connection mysql_error()";
}
$db_user="root";
$db_host="localhost";
$db_password="root";
$db_name = "fayer";
$conn = mysqli_connect($db_host,$db_user,$db_password,$db_name) or die ("couldn't connect to server");
// perform query
$query = 'SELECT * FROM posts';
$result = mysqli_query($conn, $query) or die ("Couldn't execute query.");
// use returned data
while($row = mysqli_fetch_assoc($result))
{
echo $row['title'];
}
I get in the browser: "mysql problem".
Help!
UPDATE
I have echoed the query. It shows SELECT * FROM posts and when I query manually it gets the rows.
I think it has something to do with mysqli. I think i should use mysql. Do u think I have incompatibility problems with mysqli?
i have echoed it. it shows SELECT * FROM posts. and when i query manually it gets the rows.
i think it has something to do with mysqli. i think i should use mysql. do u think i have incompatibility problems with mysqli?
You have empty WHERE clause. Remove it or add a search condition.
Change
$result = mysqli_query($conn, $query) or die ("Couldn't execute query.");
to
$result = mysqli_query($conn, $query) or die ("Couldn't execute query because: " . mysqli_error());
and you will know why the query is failing. Rule of thumb: Whenever you have a failed query, print it out and run it through phpmyadmin or some other raw-query executor and you will discover very quickly what the problem is.