Re: MySQL Database problem (probably already solved in a message, but this is somewhat urgent)

Rankin wrote:
On Oct 12, 10:22 am, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
Rankin wrote:
I am trying to set up a PHP-MySQL page that authenticates certain
strings that are sent by POST from another page. The idea is that the
MySQL server has a database with a table, and the table has two
columns, an FSR column, and a password column. What happens in the
PHP script is that the script sticks the POSTed items into variables,
accesses the MySQL database and table, reads the rows, and tries to
check if the POSTed password is a match to a password stored in the
database, then from there checks that the appropriate FSR number
matching the stored password matches with the POSTed FSR number. If
that works, then the script sets a Global called $authenticated to 1
or 0 (if it was successful or unsuccessful in matching FSR and
password), which then allows a second part of the script to do an
autoindex of the directory of that FSR, and sets up the links so that
it uses a separate script/page which uses the PHP http_send_file()
function to make the browser download the file clicked on.
Why are you reading more rows than necessary? It should be a simple SQL
query which returns one or zero rows.

The MySQL Table contains multiple rows (at the moment, I'm only using
2 for simplicity, but it will potentially have up to 1000) in the
sense of tables. I'm not very well versed with MySQL, so this may
just be a matter of my conception versus the real denotation of "row"
in the language. Here's the basis of the code:
//connect to the MySQL server
$conn =
mysql_connect('mysqlserveriphere','usernamehere','passwordhere') or
die('Error connecting to database.');
//select the Username Password Database
mysql_select_db('databasename') or die('Error selecting appropriate
database.');
//delineate the table containing the Usernames and Passwords available
and authenticate
$queryfsr = "SELECT FSR FROM tablename;";
$querypassword = "SELECT password FROM tablename;";
$resultfsr = mysql_query($queryfsr);
$resultpassword = mysql_query($querypassword);
while ($rowfsr = mysql_fetch_row($resultfsr) && $rowpw =
mysql_fetch_row($resultpassword)) {
if (is_array($rowfsr) && is_array($rowpw)) {
foreach ($rowfsr as $key => $value) {
if ($password == $rowpw[$key]) {
global $authenticated;
$authenticated = "1";
}
}
}
else {
if (!isset($rowfsr) && !isset($rowpw)) {
global $authenticated;
$authenticated = "0";
echo "Database access unsuccessful.";
}
else {
if ($password == $rowpw) {
global $authenticated;
$authenticated = "1";
}
else {
global $authenticated;
$authenticated = "0";
}
}
}
}



Problem: I'm using a foreach loop in order to run through the array
sent back by the MySQL access, and the arrays are of the FSR numbers
and Passwords. The warning was: "Invalid argument supplied for
foreach()" Recently, in order to debug, I set up a system that
checked if the supposed arrays that were returned were actually arrays
(using is_array), and if not, to test if they were solely one-value
variables. is_array is giving me failures for those returned arrays,
and yet the isset is turning up as a success, so then I set up another
debugging technique. I decided to use echo on those variables, to see
what was inside and see if the MySQL access was correctly working.
What happened was that it echoed: "Array". This seems
counterintuitive, since foreach requires an array to work, but it
isn't working, is_array is failing, and yet echo is telling me that
the variables are indeed arrays, while isset is telling me that the
variables are not NULL or empty.
Check the results of your mysql_query() call and find out why it failed.

And when you echo an array, the PHP prints "Array".


Correct.

I'd like to avoid having to show the file-sending script, since it has
personal information in it, and besides, it does not pertain to the
current problem.
Without the code there is nothing we can do to help you. But you don't
need to show code which doesn't pertain to the current problem, and you
can change personal information (i.e. userid's, passwords, etc.) when
posting it.


Yep, just did that, good call on that.

This completely confuses me, so please do help me. This is supposed
to be for a company file server (hand coded, since my last version of
this used .htaccess, but didn't differentiate between virtual hosts,
and the clients had tons of trouble with typing passwords in
correctly...), so it is somewhat urgent to get it back up and working.
Thank you, in advance, for helping with this.
P.S. your sig separator is broken. It should be
dash-dash-space-newline. You're missing the space.


Thanks for the post-script. I always forget that.


Patrick,

You need to study up on SQL and what it can do.

First of all, you are retrieving FSR and password from the table in two different calls. There is no guarantee you will retrieve the same rows, or in the same order (i.e. a row may have been added or deleted between the two calls).

Additionally, you are returning all the data in the table in your script and trying to compare. What happens if you have 10,000 rows? Or 10,000,000 rows?

This is where the database excels - and all of this is pretty basic (but since it's not a PHP problem, it's not in the realm of this newsgroup).

Do yourself a favor - study up on the basic SQL. It will make your job so much easier.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================

.

Relevant Pages