session register

bjblackmore

Hi, I'm using some code I found in the archives,

session_start();
if (@$user_name && @$password) {
$res = @("SELECT user_id FROM table WHERE user_name='$user_name' AND password='". md5($password) ."'");
if(@mysql_num_rows($res) != 0) {
$sUserID = "$user_id";
session_register("sUserID");
}
}

So users login, with user_name & password, then the database gets their user_id. However the above code does not work, I'm not sure if its pulling the user_id field out correctly, and registering it! Can anyone see why?
I can get it to register the user_name with

session_start();
$sUserID = "user_name";
session_register("sUserID");

Many thanks
Ben

Anon

Aren\'t you missing a mysql_fetch* call there?
After you run mysql_query() and get $res, you (afaik) need to then call $row = mysql_fetch_array($res). THen $row[userid] will have the value you want. RIght now, I don\'t see how your code would set $userid to a value which is perhaps what you are seeing when you arne\'t sure if its being registered or not.

Anon

crap mcNuggetts

bjblackmore

I tried putting..

$row = mysql_fetch_array($res)

after the query, but now I get

Parse error: parse error in /users/www/login.php on line 8

Any ideas?
Cheers
Ben

Anon

well if that is what you used all you are missing is a semi colon. it should look like so:

$row = mysql_fetch_array($res);

bjblackmore

Yeah you were right, the ; helped thanks, but I still get..

Warning: Supplied argument is not a valid MySQL result resource in /users/www/login.php on line 7

My exact code is..

session_start();
if (@$user_name && @$password) {
$res = @("SELECT user_id FROM table WHERE user_name='$user_name' AND password='". md5($password) ."'");
$row = mysql_fetch_array($res);
if(@mysql_num_rows($res) != 0) {
$sUserID = "$user_id";
session_register("sUserID");
}
}

now line 7 would be that line of code
$row = mysql_fetch_array($res);

Many thanks for your help so far
Ben

knickerlas

frymaster

duh... he's a bot.

bjblackmore

I know, not exactly helpful!
This is why i still think we should have a username/password to login with whenever we want to post! To stop Bots/Idiots!

knickerlas

I see, The reason I didn't suspect a bot was it didn't occur to me that something so useless would be posted by one!
I agreee with the registration thing.

Nick

Anon

afaik the mysql_query is failing.

try echo mysql_error(); after the query to find out why it isn't working.

also... i suggest NOT to use any @'s cause they hide any warning/error with may have been generated in the command it's used for.

You should have very clear reasons to use an @ (I haven't found a single one yet!)

Anon

I noticed you are setting $sUserId to $user_id but I don't see where you are declaring $user_id. Don't you need a $user_id = $row[0] or something to work off your query?

Jeroen I use the @ sign with an if statement after I have tested the scripts and am sure they work. That way my users don't see the error messages generated. They seem something more identifable and explainable to them to report to me if necessary. (They also don't get to see my paths that way).

example :
if (!@function()) {
//function failed
$error_mess = "Explain what went wrong in relation to problem and give them a link to report problem.";
}

Somewhere on page "print $error_mess".

Anon

I personally use the error_reporting() command. Whe developing i use error_reporting(E_ALL) and when it's put live I say error_reporting(NONE) and generate my own errors...

personally i like that a little more 🙂

bjblackmore

user_id comes from "SELECT user_id FROM table....
Doesn't that select the $user_id?
If not, how do I set the $user_id?
Many thanks
Ben

bjblackmore

OK I've done it, I set..
$sUserID = $row['user_id'];