[B]I cannot seem to get the mysql_fetch_assoc function to get more than one row. That being the username. The password and id are being completely ignored.
Im pulling my hair out on this one. Really lost. Ive been on this for hours.
[/B]
EDIT:
I am also getting this error
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in
Any help is greatly appreciated.
Thank you.
Here is the code.
<?php
//Mass include file
include ("includes/mass.php");
//This is the login script
//Grabbing the login values and storing them
$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['submit'];
if (isset($submit))
{
if (strlen($username)<2) // put || ($username==(same as value on the database)
{
echo ("<br>You must enter a longer username</br>");
}
elseif (strlen($password)<=6)
{
echo ("<br>You must enter a longer password<br>");
}
else
{
$sql = mysql_query("SELECT * FROM user WHERE name = '$username'", $con);
$numrows = mysql_num_rows($sql);
if ($numrows != 0)
{
while ($row = mysql_fetch_assoc($sql))
$dbusername = $row['username'];
$dbpassword = $row['password'];
if ($dbusername == $username && $dbpassword == $password)
{
echo "your in!";
}
else
{
echo "Wrong info";
}
}
else
{
die ("That username doesnt exist");
}
}
}
?>
I cannot seem to get the mysql_fetch_assoc function to get more than one row. That being the username. The password and id are being completely ignored.
Im pulling my hair out on this one. Really lost. Ive been on this for hours.
Any help is greatly appreciated.
Thank you.
Here is the code.
<?php
//Mass include file
include ("includes/mass.php");
//This is the login script
//Grabbing the login values and storing them
$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['submit'];
if (isset($submit))
{
if (strlen($username)<2) // put || ($username==(same as value on the database)
{
echo ("<br>You must enter a longer username</br>");
}
elseif (strlen($password)<=6)
{
echo ("<br>You must enter a longer password<br>");
}
else
{
$sql = mysql_query("SELECT * FROM user WHERE name = '$username'", $con);
$numrows = mysql_num_rows($sql);
if ($numrows != 0)
{
while ($row = mysql_fetch_assoc($sql))
$dbusername = $row['username'];
$dbpassword = $row['password'];
if ($dbusername == $username && $dbpassword == $password)
{
echo "your in!";
}
else
{
echo "Wrong info";
}
}
else
{
die ("That username doesnt exist");
}
}
}
?>
There is no longer a mysql_num_rows error. But i am still having the intitial problem.
<?php
//Mass include file
include ("includes/mass.php");
//This is the login script
//Grabbing the login values and storing them
$username = $_POST['username'];
$password = $_POST['password'];
if (isset($_POST['submit'])){
if ($username)<2){
echo ("<br>You must enter a longer username</br>");
} elseif (strlen($password)<=6){
echo ("<br>You must enter a longer password<br>");
}else{
$sql = mysql_query("SELECT * FROM user WHERE name = '$username'", $con);
if (mysql_num_rows($sql) ){
while ($result = mysql_fetch_object($sql)) {
$dbusername = $result->username;
$dbpassword = $result->password;
if ($dbusername == $username && $dbpassword == $password)echo "your in!";
else echo "Wrong info";
}
} else die ("That username doesnt exist");
}
}
?>
I cannot seem to get the mysql_fetch_assoc function to get more than one row. That being the username. The password and id are being completely ignored.
I am sorry to say this, but you understand nothing, tapha
You need only one row, not three, because all these columns belongs to one row - so, your “initial problem” is not a problem at all.
Also, in your first case, you get no even single row, because your query failed.
If the query fails the reason the query failed will be reported (for a live site you would want to log this instead of displaying it)
If the number of rows is greater than 1 access is denied (there should only be one row returned for a valid user)
A slight alternative would be to use a SELECT COUNT(*) query to count the number of rows matching and then checking the returned count to see if it’s equal to exactly 1.
<?php
//Mass include file
include ("includes/mass.php");
//This is the login script
//Grabbing the login values and storing them
$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['submit'];
if (isset($submit)) {
{
// put || ($username==(same as value on the database)
if (strlen($username)<2) {
echo ("<br>You must enter a longer username</br>");
} elseif (strlen($password)<=6) {
echo ("<br>You must enter a longer password<br>");
} else {
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = "SELECT * FROM user WHERE name = '$username'";
$result = mysql_query($sql, $con);
if (!$result) {
echo 'Invalid query: ' .mysql_errno($link) . ": " . mysql_error($link) . "\
";
die;
}
$numrows = mysql_num_rows($result);
if ($numrows <> 1) {
die ("Access Denied! The supplied username and/or password supplied are invalid!");
} else {
echo 'Access Granted!';
}
}
}
}
?>
In your case you don’t need to get more than one row because what i guess is; the username is unique in the table and when you query the table then it will retrieve only row of that user and all the columns will be retrieved. I think you have missed one opening curly brace for while loop:
while ($row = mysql_fetch_assoc($sql))
$dbusername = $row['username'];
$dbpassword = $row['password'];
so you are only having the just one line after the while loop:
$dbusername = $row['username'];
So either you need to have a block to define for while loop:
Or if it is true what i have explained above the the username is unique in the table then you don’t have to have a while loop there since there will be single row returned. So I would do something like this:
//Mass include file
include ("includes/mass.php");
//This is the login script
//Grabbing the login values and storing them
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$submit = mysql_real_escape_string($_POST['submit']);
if (isset($submit)){
if (strlen($username)<2){ // put || ($username==(same as value on the database)
echo ("<br>You must enter a longer username</br>");
}
elseif (strlen($password) <= 6){
echo ("<br>You must enter a longer password<br>");
}
else{
$sql = mysql_query("SELECT * FROM user WHERE name = '$username'", $con);
$numrows = mysql_num_rows($sql);
if($numrows != 0){
$row = mysql_fetch_assoc($sql);
$dbusername = $row['username'];
$dbpassword = $row['password'];
if ($dbusername == $username && $dbpassword == $password){
echo "your in!";
}
else{
echo "Wrong info";
}
}
else{
die ("That username doesnt exist");
}
}
}
Actually it was Space, who was close to the sensible code
<?php
//Mass include file
include ("includes/mass.php");
//This is the login script
if (isset($_POST['submit'])) {
//Preparing login values for the query
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$sql = "SELECT * FROM user WHERE name = '$username' AND password='$password'";
$res = mysql_query($sql) or trigger_error(mysql_error()." in ".$sql);
if ($credentials = mysql_fetch_assoc($res)) {
echo "your in, ".$credentials['name']."!";
} else {
echo "Wrong info";
}
}
?>
