Closed Thread Icon

Topic awaiting preservation: mysql_num_rows problem (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=12545" title="Pages that link to Topic awaiting preservation: mysql_num_rows problem (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: mysql_num_rows problem <span class="small">(Page 1 of 1)</span>\

 
Gee
Bipolar (III) Inmate

From: London, UK
Insane since: Nov 2002

posted posted 12-05-2002 18:13

Hi peoples,

I created the following login form and script...

here is my code - it is only a short form and login script.

code:
<form action="logoncheck.php" method="post" name="Logon" id="Logon" >
<table width="0%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#003366"><font color="#FFFFFF">Logon:</font></td>
<td><input name="logon" type="text" id="logon"></td>
</tr>
<tr>
<td bgcolor="#003366"><font color="#FFFFFF">Password:  </font></td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr bgcolor="#000000">
<td align="center"><font color="#FFFFFF">
<input type="submit" name="Submit" value="Submit">
</font></td>
<td align="center"><font color="#FFFFFF">
<input type="reset" name="Submit2" value="Reset">
</font></td>
</tr>
</table>
</form>


code:
<?
$link = mysql_connect("localhost", "gee", "ftm");
mysql_select_db("auth", $link);

$_POST['name'] = mysql_query("SELECT name FROM auth WHERE name = '$logon' AND pass = PASSWORD('$password')", $link);
$_POST['num_rows'] = mysql_num_rows($name);

if ($num_rows <= 0)
{
echo "<p align= center>You either entered your user name or password wrong.</p>";
exit;
}

include ("includes/private.php");
echo "<p align= center>You are now logged in</p>";
echo "<br>";
?>



I created a table called auth - with 2 fields, name and pass. I dunno why it is not working - maybe because it has something to do with the password()function in mysql?

I keep getting 'you either entered youe username or password wrong' even when I enter them correctly.

Any help would be greatly appreciated!

Update - I changed the following line to :
if ($num_rows = 0)

now I always get logged in even if I eneter the wrong password... I also get the following error message.

Warning: Failed opening 'includes/private.php' for inclusion (include_path='.;c:\php4\pear') in C:\FoxServ\www\logoncheck.php on line 15

I have never used pear before so now I am completely lost

[This message has been edited by Gee (edited 12-05-2002).]

Emperor
Maniac (V) Mad Scientist with Finglongers

From: Cell 53, East Wing
Insane since: Jul 2001

posted posted 12-05-2002 19:34

Gee: I'm not sure why you are using this:

quote:
PASSWORD('$password')



___________________
Emps

FAQs: Emperor

Gee
Bipolar (III) Inmate

From: London, UK
Insane since: Nov 2002

posted posted 12-05-2002 20:05

thnX emporer - I fixed it.

I was playing around with $_POST and my variables - somehow I forgot to
get rid of PASSWORD($password); sorry!

One other thing - I use php with globals turned off. If I include " extract($_POST); "
at the beginning of my scripts then I dont have to write all the extra syntax is true.

But does this defeat the object of having globals turned off or is it just as safe as
using $_POST everywhere?

Perfect Thunder
Paranoid (IV) Inmate

From: Milwaukee
Insane since: Oct 2001

posted posted 12-05-2002 20:28

You only need to use $_POST["thing"] when accessing a variable that was sent to your script from the previous page (i.e. user input). You don't need to use it for anything else.

So $_POST['num_rows'] = mysql_num_rows($name); really isn't necessary, and it's probaby what's messing you up. Setting $_POST["thing"] sets an element of the POST superglobal array. That means it's part of the variable $_POST, not a variable of its own.

For this kind of thing, just use normal variables.

$query = "SELECT blah blah blah";
$result = mysql_query($query);
$num_rows = mysql_num_rows($result);

if ($num_rows < $value) doThing();

« BackwardsOnwards »

Show Forum Drop Down Menu