PDA

View Full Version : [Help - PHP] Error in code



Megamind's Minion
10-20-2009, 04:25 AM
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);

$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = PASSWORD('" .$password . "')";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

if (mysql_num_rows($result) == 0) {
echo "ERROR: Incorrect username or password!";
} else {
$_SESSION['auth'] = 1;
session_start();
setcookie("username", $username, time()+(84600*30));
include("memberMain.php");
mysql_close();
}

mysql_free_result($result);
mysql_close($connection);

hey guys..
thanks if you bother..
this is a snippet of the code i am creating for a project..
and i don't understand why it always shows the "Incorrect username or password" even though what i am inputting are correct..

i'll be grateful if you could point out where i am wrong..
this is on mysql/php/xml/javascript/html/css rolled into one project..
the last for the sem...

IFS
10-20-2009, 04:54 AM
not sure myself just guessing here, but I think this could be the problem
$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = PASSWORD('" .$password . "')";

instead

$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" .$password . "'";


just wondering about this part PASSWORD('" .$password . "')";

Megamind's Minion
10-20-2009, 05:01 AM
tnx but it didn't work..
anyway..
i'll just have to check it over...

IFS
10-20-2009, 05:29 AM
also try switching the quotes around placing the double quote first and single quote second

like

"' . $username . '"

instead of

'" . $username . "'

FlashD
10-20-2009, 03:47 PM
Try it this way ;) :


$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . md5($password) . "'";

Megamind's Minion
10-21-2009, 08:22 AM
tnx guyz...
i appreciated your efforts..
now, all i have to do is wait...