Re: php and MySQL
- From: David Haynes <david.haynes2@xxxxxxxxxxxx>
- Date: Sun, 26 Mar 2006 09:04:21 -0500
comp_guy wrote:
hey guys, i have been working on a simple form which validates if a
user is valid or not. i am a newbie and just want to deny unauthorised
access to a 'members' page. I wish to compare the password entered by
the user with that they entered into their submitted registration
form.. however i keep getting a mySQL error message 'query was empty'.
i was hope someone would know my failings! here is my code:
<?php
$connection = mysql_connect("sentinel.cs.cf.ac.uk","scm5sjc","my
password here");
$password=$_POST['password'];
mysql_select_db("sjcdb",$connection) or die("failed!");
$sql = mysql_query("SELECT * FROM users WHERE password = '$password'");
$result = mysql_query($sql)or die(mysql_error());
$rows = mysql_num_rows($result);
if ($rows){
if ($password == $row[9]){
header("Location:members.html");
}
else
{
header("Location:register.html");
exit;
}
}
mysql_close();
?>
A couple of observations...
This:
$sql = mysql_query("SELECT * FROM users WHERE password = '$password'");
sets $sql to be the result set of the query...
while this:
$result = mysql_query($sql)or die(mysql_error());
tries to do another query using the result set. That's just not right.
I suggest you do something like:
$sql = "select count(*) from users where password = '$password'";
$result = mysql_query($sql, $connection);
$row = mysql_fetch_row($result);
if( $row[0] ) {
...
mysql_free_result($result);
mysql_close($connection);
Also, your second comparison to $row[9] is not needed. The password match is already accounted for in the where clause of the SQL query.
-david-
.
- References:
- php and MySQL
- From: comp_guy
- php and MySQL
- Prev by Date: Re: php and MySQL
- Next by Date: php and MySQL
- Previous by thread: Re: php and MySQL
- Next by thread: Re: php and MySQL
- Index(es):
Relevant Pages
|
