Where is the error?

Anon

Is there anyone who
can find my error in this script?
(I can run the script, but cannot login from a Login/Password that lies in a table).

<?php
if (!isset($doCheck))
{
$sybase = sybase_connect("a" , "ab" , "");
sybase_select_db("db");
?>

<head><title>Login</title></head>
<body>
<form method="post" action="./this_one.php">
<input type="hidden" name="doCheck" value="1">
<input type="textfield" name="name">
<input type="password" name="passwd">
<input type="submit">
</form>
</body>

<?
$sql = sybase_query("SELECT Login, Password from table");
if (Login == $Login AND Password == $Password)
{
$result = sybase_query($sql);
$num_of_rows = @sybase_num_rows('db', $result);
sybase_close();
exit();
}
}
else
if (($name == $Login) && ($passwd == $Password) )
{
header("Location: goon.htm");
}
else {
print "<H1>Sorry, wrong username and password</H1>";
}
?>

If you can help me, please do!!!

Anon

Ehh.......
I´ve changed some in the script..
However, the error remains.

<?php

if (!isset($doCheck))
{

<head><title>Logintest</title></head>
<body>
<form method="post" action= <? $php_self ?>>
<input type="hidden" name="doCheck" value="1">
<input type="textfield" name="name">
<input type="password" name="passwd">
<input type="submit">
</form>
</body>

<? }
else
{
$sybase = sybase_connect("a" , "ab" , "");
sybase_select_db("db");
$sql = sybase_query("SELECT Login, Password from anvaendare");
if (Login == $Login AND Password == $Password)
{
$result = sybase_query($sql);

$num_of_rows = @sybase_num_rows($result);
sybase_close();
exit();
}
if (($name == $Login) && ($passwd == $Password) )
{
header("Location: goon.htm");
}
else {
print "<H1>Sorry, wrong username and password</H1>";
}
}
?>

Anon

hmmm .... there are quite a few bits needs to be changed, so i will just jot them down again.
change the script to following:

<?php
if (!isset($doCheck))
{
?>

<? }
else
{
$sybase = sybase_connect("a" , "ab" , "");
sybase_select_db("db");
$sql = sybase_query("SELECT Login, Password from anvaendare WHERE Login = '$name' AND Password = '$passwd'");

$result = sybase_query($sql);
$num_of_rows = @sybase_num_rows($result);

// if num of rows is less than 1 from the
// sql result, then it means no record
// found in db by given username & passwd
if ($num_of_rows < 1) {
print "<H1>Sorry, wrong username and password</H1>";
sybase_close();
exit();
}
else {
sybase_close();
header("Location: goon.htm");
}
}

Anon

Thanks man!

Just one thing
your script you posted me..
There was an error in 2
sybase_query after each other.

So, instead of having:

$result = sybase_query($sql);

//$SQL had already queried 🙂
So, I just simply wrote:

$result = $sql

But..
Thanks alot man!!

Anon

Just a small note about your code, you don't need that hidden variable, you can just give the submit button a name and then check to see if that name exists.

e.g.
<input type="submit" name="submit">

and then

if($submit)

its just less code.

Anon

mmmmkay...

Thx man!