I am using the following script to select a login ID and a password from the database, and it works fine. The problem is that when I enter any user ID and password, even ones that are not in the database, $result is always true. I need help finding out why it is always true.
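<?php
// Login check: looks up a row in `contact` whose email and password match the
// submitted credentials, and tells a failed query apart from "no such account".
include('db.php');

// '@' keeps the driver warning (which can expose host details) off the page;
// the failure itself is still handled by the die() below.
if (!($connection = @ mysql_connect($dbhost, $dbuser, $dbpass))) {
    die("Could not connect to Server");
}
if (!mysql_select_db($dbname, $connection)) {
    die("Could not connect to database");
}

// NOTE(review): $email and $password are not assigned anywhere in this listing;
// presumably they arrive from the login form (register_globals) or db.php - confirm.
// Either way they are untrusted and must not reach the SQL text unescaped:
// a quote character in either value would otherwise change the WHERE clause.
$safeEmail = mysql_real_escape_string(isset($email) ? (string) $email : '', $connection);
$safePassword = mysql_real_escape_string(isset($password) ? (string) $password : '', $connection);

// NOTE(review): the password is compared as stored text, so the table holds
// readable passwords. Storing password_hash() output and checking it with
// password_verify() is the durable fix. The mysql_* extension itself was removed
// in PHP 7; on a newer runtime use mysqli or PDO prepared statements instead.
$sql = "SELECT * FROM contact WHERE email='$safeEmail' AND password='$safePassword'";
$result = mysql_query($sql, $connection);

if (!$result) {
    // mysql_query() returns false only when the statement could not be executed.
    echo "Error occurred while checking your login Id and password";
    echo "Try to login again and verify you login details." ;
    echo "\n If this error persists, please contact helpdesk@mallhub.com";
} elseif (mysql_num_rows($result) == 0) {
    // A SELECT that matches nothing still returns a (truthy) result resource,
    // which is why testing $result alone accepted every login. The message does
    // not say which of the two fields was wrong.
    echo "Login Id or password is incorrect.";
} else {
    // At least one row matched: the credentials are valid.
}
?>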
Here is the table information, in case it helps.
Table structure for table contact
#
# Table read by the login script, which matches on the email and password columns.
CREATE TABLE contact (
contactid int(5) unsigned zerofill NOT NULL auto_increment,
name varchar(30) NOT NULL default '',
title varchar(30) NOT NULL default '',
company varchar(30) NOT NULL default '',
street varchar(35) NOT NULL default '',
city varchar(30) NOT NULL default '',
state varchar(30) NOT NULL default '',
zipcode varchar(10) NOT NULL default '',
phone varchar(15) NOT NULL default '',
# NOTE(review): email is used as the login identifier but has no UNIQUE index,
# so two rows can share one address.
email varchar(35) NOT NULL default '',
# NOTE(review): the sample rows appear to store the password as readable text;
# varchar(20) is also too short to hold a password_hash() digest.
password varchar(20) NOT NULL default '',
PRIMARY KEY (contactid),
# Second index on the same column as the primary key.
UNIQUE KEY contactid (contactid)
) TYPE=MyISAM;
#
Dumping data for table contact
#
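# Sample rows; values are positional, in the column order of CREATE TABLE contact.
# NOTE(review): the last value in each row is the account password, stored unhashed.
INSERT INTO contact VALUES (00001, 'ed', 'tech', 'trb', 'ww', 'berwyn', 'il', '60402', 'GUUYI', 'llll@yahoo.com', 'yeslll');
INSERT INTO contact VALUES (00002, 'asant', 'tech', 'trb', 'ww', 'berwyn', 'il', '60402', 'GUUYI', 'asant@yahoo.com', 'yesasant');
INSERT INTO contact VALUES (00003, 'aaa', 'tech', 'trb', 'ww', 'berwyn', 'il', '60402', 'GUUYI', 'aaa@yahoo.com', 'yesaaa');
INSERT INTO contact VALUES (00004, 'bbb', 'tech', 'trb', 'ww', 'berwyn', 'il', '60402', 'GUUYI', 'bbb@yahoo.com', 'yesbbb');
INSERT INTO contact VALUES (00005, 'ccc', 'ccc', '', '', '', '', '', '', 'ccc@yahoo.com', 'yesccc');
INSERT INTO contact VALUES (00006, 'ddd', 'ddd', '', '', '', '', '', '', 'ddd@yahoo.com', 'yesddd');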