  1. #1
    SitePoint Member

    Basic form password input problem

    Hi - I'm a real novice at this and trying my best to find my way through HTML, PHP and MySQL. I'd like to have a form take an input (the password) and pass this to a db table which treats the password as an index returning an integer in an adjacent field in the table. Four strings of length 4 are concatenated and submitted as the unique index.

    eg input AAAA BBBB CCCC DDDD, which is concatenated to AAAABBBBCCCCDDDD and queried to the table which should return a value eg 30

    Here's some code fragments:

    This is in index.php.........

    <form method="POST" action="connection.php">
    <input type="PASSWORD" name="AAAA" size="4"><input type="PASSWORD" name="BBBB" size="4"><input type="PASSWORD" name="CCCC" size="4"><input type="PASSWORD" name="DDDD" size="4">
    <p><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
    </form>

    <?php include("connection.php");?>


    This is in connection.php


    echo $_POST['AAAA'] . $_POST['BBBB'] .$_POST['CCCC'] .$_POST['DDDD'] .'<br>'; //This lets me see that the form input has been concatenated correctly
    $my_password = $_POST['AAAA'] . $_POST['BBBB'] .$_POST['CCCC'] .$_POST['DDDD'];
    echo $my_password . '<br>'; //This lets me see that the variable is assigned
    $sql = mysql_query('SELECT * FROM `table101` WHERE `key` = $my_password');

    if (!$sql) {
    echo 'Could not run query: ' . mysql_error();
    exit;
    }

    echo mysql_result($sql);

    And I get the following error message:

    Could not run query: Unknown column '$my_password' in 'where clause'

    The issue seems to be centred on the mysql_query() function and the containing ' ' marks. I've used ' ', " " and no quotes each with a different error message. I'm a bit stuck on how to pass the variable to the table and get a return value. Can you please help?

    Thanks

    Nigel

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Actually I'm surprised you didn't get an error when you created the table. "key" is a reserved word. That is, it has "special meaning" to MySQL so it can't be used as the name of a field.

  3. #3
    SitePoint Addict
    A couple of things I noticed are that you don't need the single quotes around the table and field name. Also, as pointed out above, "key" should not be used as a field name. Finally, if you are storing passwords in a database they really should be hashed with SHA1 or something similar. Storing plain text passwords in a database is asking for trouble!

  4. #4
    SitePoint Member
    Thanks again Jack - I've renamed the table fields - the MySql db only has one table and that table only has two fields (now called 'ided' and 'code16') but even with these changes the error message is:

    Could not run query: Unknown column '1DyVeThwTSGT6rK8' in 'where clause'

    The 16 characters between the single quotes are concatenated from a form which has 4 input fields (each of 4 characters) and is then passed as a variable in the mysql_query() function to query the db table101. I was hoping to have the value 239 returned from the above input.

    Clearly the mysql_query() function seems to be presenting the length 16 character string as a field name rather than as a field value to reference against. Could this be to do with my construction of the query or could it be a casting issue with the type of the input in the query now being different from the type of the data stored in the table field due to the fact I've concatenated these four strings together?

    The db table101
    Field: ided; Type: int(11)
    Field: code16; Type: char(16)

    What do you reckon?

  5. #5
    SitePoint Member
    Chris

    Thanks very much for your feedback. Of course you're right and in my wanderings through the php function lists I've also encountered MD5 encryption which looks fab! I'll hopefully get round to using one or both of these security features but for now I'm simply trying to get a return from a table based on a form input (!) - which is proving a tough nut to crack!!!!

    I've taken the single quotes out but I'm still getting an error - it looks like the mysql_query() function is looking at my form input and is treating it as a field name rather than a field value; and I can't see what I'm doing wrong - the syntax looks OK. It's a bit perplexing.

    (BTW: Regards where the single quotes came from originally, I used the "Create php code" method in phpMyAdmin.)

  6. #6
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Last I knew, you could use "=" for strings, as well as numerics, but that "LIKE" was the preferred for strings. It may be that MySQL now requires "LIKE" for strings. i.e.
    PHP Code:
    $sql = mysql_query('SELECT * FROM `table101` WHERE `ided` LIKE $my_password');
    (you may also need quotes around $my_password)

  7. #7
    SitePoint Wizard
    You're trying to echo a variable into a string enclosed in single quotes. Variables are only parsed in double-quote strings. So you need to change your code as follows:

    PHP Code:
    $sql = mysql_query("SELECT * FROM `table101` WHERE `ided` LIKE '$my_password'");
    or

    PHP Code:
    $sql = mysql_query('SELECT * FROM `table101` WHERE `ided` LIKE \''.$my_password.'\'');
    Edit: fixed syntax error in second example, sorry.
    Last edited by SJH; Nov 27, 2008 at 12:58.
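
Added example, not part of any post in this thread: the same lookup with the form value bound through a prepared-statement placeholder instead of being interpolated into the SQL string, and with a keyed digest stored in place of the plain code (picking up the hashing point from post #3). It assumes PDO with an in-memory SQLite database standing in for MySQL; the `code_digest` column, `LOOKUP_KEY`, `code_digest()` and `find_ided()` are hypothetical names, and the row is constructed sample data using the values quoted in post #4.

```php
<?php
declare(strict_types=1);

// Hypothetical server-side secret (assumption); load it from configuration in real use.
const LOOKUP_KEY = 'constructed-demo-key';

// Keyed digest stored in place of the plain 16-character code.
function code_digest(string $code): string
{
    return hash_hmac('sha256', $code, LOOKUP_KEY);
}

// Returns the matching ided, or null when the input is malformed or unknown.
function find_ided(PDO $db, array $post): ?int
{
    $code = '';
    foreach (['AAAA', 'BBBB', 'CCCC', 'DDDD'] as $field) {
        $part = $post[$field] ?? '';
        // Each form field must be exactly four letters or digits.
        if (!is_string($part) || !preg_match('/\A[A-Za-z0-9]{4}\z/', $part)) {
            return null;
        }
        $code .= $part;
    }
    // The placeholder sends the value separately from the SQL text,
    // so it is always treated as a value, not as a column name or SQL syntax.
    $stmt = $db->prepare('SELECT ided FROM table101 WHERE code_digest = ?');
    $stmt->execute([code_digest($code)]);
    $ided = $stmt->fetchColumn();
    return $ided === false ? null : (int) $ided;
}

// Constructed sample data; in-memory SQLite stands in for MySQL (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table101 (ided INTEGER, code_digest CHAR(64) PRIMARY KEY)');
$db->prepare('INSERT INTO table101 VALUES (?, ?)')
   ->execute([239, code_digest('1DyVeThwTSGT6rK8')]);

// Constructed form submissions: one valid, one containing quote characters.
$good = ['AAAA' => '1DyV', 'BBBB' => 'eThw', 'CCCC' => 'TSGT', 'DDDD' => '6rK8'];
$odd  = ['AAAA' => "a'b\"", 'BBBB' => 'eThw', 'CCCC' => 'TSGT', 'DDDD' => '6rK8'];

var_dump(find_ided($db, $good)); // matches the stored row
var_dump(find_ided($db, $odd));  // rejected by validation before any query runs
```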

  8. #8
    SitePoint Member
    SJH - your first one works but gives the following error:

    Warning: Wrong parameter count for mysql_result() in C:\wamp\www\photos\connection.php on line 28

    with the code being:

    $sql = mysql_query("SELECT * FROM `table101` WHERE `code16` LIKE '$my_password'");
    if (!$sql) { echo 'Could not run query: ' . mysql_error();
    exit;
    }

    [line 28+++] echo mysql_result($sql);

    Now it looks to me like $sql should contain all the field values in table101 where code16 = $my_password

    There are two fields in the table so I'm expecting something like 926 14c7XGEMkTK7P5eB.
    Also I've tried SELECT `ided` - with the same resultant error. Looking at the php function mysql_result() I realise that I can also specify a row and a column name. And when I do that it gives the following error:

    Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in C:\wamp\www\photos\connection.php on line 28

    which looks to me like it's looking for a 3rd column in the table? - I'm getting rather confused here.

  9. #9
    SitePoint Wizard
    Try using mysql_fetch_array() instead.

  10. #10
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    If you do
    PHP Code:
    $query = "SELECT * FROM `table101` WHERE `code16` LIKE '$my_password'";
    echo $query;
    $sql = mysql_query($query) or die ('<p>Error: ' .mysql_error() . '</p>');
    is $query like
    "SELECT * FROM `table101` WHERE `code16` LIKE '$my_password'"
    or
    "SELECT * FROM `table101` WHERE `code16` LIKE '1DyVeThwTSGT6rK8'"

  11. #11
    SitePoint Member
    Gents

    Thanks again for the guidance. Before these posts landed at my end I've continued to chip away at this and eventually got a return from the table using a very stripped down version of my previous coding; then using the mysql_fetch_row() function which worked. I'm going to work through mysql_*() functions to see just how these puppies behave.

    Thanks again. Nigel

  12. #12
    SitePoint Member
    Further weird behaviour.....

    I'm working in a very stripped down environment - coding and tables are very limited. I have noticed that I can get a return from a db table queried using a SELECT statement when the index variable

  13. #13
    SitePoint Member
    OOOOpppps..(try again)

    Further weird behaviour.....

    I'm now working in a very stripped down environment - coding and tables are very limited. I have noticed that I can get a return from a db table queried using a SELECT statement when the index variable is an integer but when I try to pass a character as the index variable the query won't run and seems to be mistaking the index variable for a column name.

    eg
    Field 1: a, b, c (varchar)(PRIMARY)
    Field 2: 1, 2, 3 (int)

    with index variable 'a' in the SELECT query - query won't run BUT

    Field 1: 1, 2, 3 (int)(PRIMARY)
    Field 2: a, b, c (varchar)

    with index variable '1' - query returns 'a'

    Any ideas?

    Thanks

    Nigel

    (PS: I'm wondering if my WAMP installation is a bit goofy...)

