MySQL/PHP simple login script..

maxonon

I've made a simple login script, consisting of two pages, one login site (.php) with fields for username ($user) and password ($pwd) the form action="login.php" (that becomes login.php?user=<username>&pwd=<password>)
login.php is as follows:

<HEAD>
<TITLE>
Welcome
</TITLE>
<LINK rel=stylesheet type=text/css href=pwd.css>
</HEAD>
<BODY>

<?PHP
//connect to MySQL
$sqlid = @mysql_connect("localhost", "root", "");
if (!$sqlid) {

echo(
"<P>Unable to connect to the " .

"database server at this time.</P>" );

exit();
}

//Select Database
mysql_select_db("members")
or die ("mysql_error()");

//get user's password from DB
$query = "SELECT password FROM userinfo WHERE user='$user'";
$password = mysql_query($query)
or die("Query failed");

//match typed password with password from Database
If ($pwd==$password)
{
//end of successful login
?>

Welcome $user
<?PHP
};
?>
</BODY>

whats wrong?? Can't you "compare" a array a variable?? ($pwd = $password)
thanks all..

Anon

You need to fetch the results before you compare.

If ($pwd==$password)

add:
$password = mysql_fetch_assoc($password);

right above that. Read about it in the docs on php.net.

johnh

I won't reply about Bob's post since he might be right (I haven't tried that). However to answer your question as you have posted it, your correct. What is being returned is an array. Perhaps an array with 1 element, but all the same, it's in an array format. To see this, you'ld simply print "$password"; and it will show you that the value is "Array". You would need to reference the the element in the array that your looking for, (ie. $pwd = $password[0]😉.

John