Obviously, my code it wrong...

Anon

$conn = odbc_connect( 'CoxFamily' , 'root' , '' );
$query1 = "SELECT FROM login WHERE username = $username";
$query2 = "SELECT FROM login WHERE password = $password";

if (query1 != $username} {
print "Incorrect Username: <a href="index.html">try again</a>";
} else if {$query2 != $password) {
print "Incorrect Password: <a href="index.html">try again</a>";
}
else {
print "Correct Username and Password!";
}

I get a parse error on line 15 which is my first "if" statement. The variables are being passed from a previous form.

Is that not how the if/then statement is supposed to be coded? Basically, if the username or password that the user entered from my form is not in my database, show the error message. That's what needs to happen.

Thanks

mharju

You have a { instead of a ( in the "if"-clause

Anon

Thanks, that fixed the parse error, but my code must still be wrong, because no matter my entry, it always says "Incorrect Username" even if I entered the correct username but I don't know how else to find out whether their entry matches one in my database.

Thanks again

mharju

That's because you're comparing the query result to a username, that can't give the wanted result!

$query1 = "SELECT FROM login WHERE username = $username";
$query2 = "SELECT FROM login WHERE password = $password";

why are you doing it like this? I recommend using:

$conn = odbc_connect( 'CoxFamily' , 'root' , '' );
$query="select * from login where username='$username' and password='$password'";

$result=odbc_exec($conn, $query);
$rc=odbc_fetch_into($result,$row);
if(!rc) { print "Incorrect username or password!\n<br>\n"; return 0; }

🙂Mikko

Anon

Oh, I see - I just did it the way that I could think of. I'm still trying to get the PHP/SQL stuff down and I've found nothing online that has been very helpful.

Thanks!

Anon

When using that, i get this:
Warning: Array not passed by reference in call to odbc_fetch_into()

mharju

Okay... Well you see I've never used ODBC in PHP, just Postgre and MySQL... 🙂 Let's see now...

the command is

$rc=odbc_fetch_into($result, $row);

Strange... It seems to be okay according to the manual.. What version of PHP are you using?

Try to do it like this:
change the odbc_fetch_into to:
$rc=odbc_fetch_row($result);

mharju

You always can consult the online manuals to PHP at www.php.net, they are a brilliant resource for these kinds of problems.

🙂Mikko

Anon

It accepts the entry and logs in no matter if it matched or not.

Using PHP 4

mharju

Uh, this is getting pretty hard. Since I really don't know anything about your system or your code, I'm not able to help you. You are sending the "username" and "password" to the script via a form? Are you sure you are establishing a connection to the database? Be sure to add some error-checking to the script. like:

if(!($conn=odbc_connect('whatever','something','something'))) {
print "error in connection!<br>\n";
}

Then, also add error checking to the other commands too! (like the odbc_exec)
🙂Mikko