password protection

mysql_query

Hello. I'm getting a mysql error when I run this code. Can anyone tell me what is wrong?

<?php 
require("connection.php");// file holding connection details 
$request="SELECT * FROM roster WHERE callsign='$callsign' AND password='$password'";  

$result = mysql_db_query($db, $request, $connection) or die("Error in 
query." .mysql_error()); 


// if mysql_num_rows doesn't = 1 there is no record in
// the data base which matches 

if(mysql_num_rows($result) == 1) 
{ 
$query = "UPDATE roster SET hours = '$hours' WHERE id=$id"; 
$result = mysql_db_query($db, $query, $connection) or die 
("Error in query." .mysql_error()); 
} 
else 
{ 
print("Could not file report"); 
} 
?>

The info comes from an HTML form. Any help is appreciated. Thanks.

pug

What is the error you are getting. That would help

RayCuz

mysql_query,

Outta of curiosity where are you assigning anythign to the
variable $id? In the below statement mysql cannot update
due to there is no $id variable to check for:

$query = "UPDATE roster SET hours = '$hours' WHERE id=$id"; 
$result = mysql_db_query($db, $query, $connection) or die 
("Error in query." .mysql_error());

You might have meant to do something like this?

<?php 
require("connection.php");// file holding connection details 
$request="SELECT * FROM roster WHERE callsign='$callsign' AND password='$password'";  

$result = mysql_db_query($db, $request, $connection) or die("Error in 
query." .mysql_error()); 

// Lets get the id from the last query
$row = mysql_fetch_array($result);
// Lets asign it to $id
$id = $row['id'];

// if mysql_num_rows doesn't = 1 there is no record in
// the data base which matches 

if(mysql_num_rows($result) == 1) 
{ 
$query = "UPDATE roster SET hours = '$hours' WHERE id=$id"; 
$result = mysql_db_query($db, $query, $connection) or die 
("Error in query." .mysql_error()); 
} 
else 
{ 
print("Could not file report"); 
} 
?>

This might work a little better now you have the variable $id

Hope this helps.

Regards,
Ray

Bunkermaster

Please give us the mysql_error returned when query craps...

you might try this too to have a look at your query to see if it's ok :

$query = "UPDATE roster SET hours = '$hours' WHERE id='$id'"; 
echo $query.'<br />';

note the '$id', it is good practice to add ' around your values, even numerical ones...

mysql_query

Hi. First of all, where it said $id, that was supposed to be $callsign, that's a scripting mistake that is now corrected. Unfortunatly, it does not make a diffrence. 🙁

This is the error: "Error in query.You have an error in your SQL syntax near '' at line 1"

Also, it works if i JUST update the table, without the password protection.

This is the new code:

<?php 
require("connection.php");// file holding connection details 
$request="SELECT * FROM roster WHERE callsign='$callsign' AND password='$password'";  

$result = mysql_db_query($db, $request, $connection) or die("Error in 
query." .mysql_error()); 


// if mysql_num_rows doesn't = 1 there is no record in
// the data base which matches 

if(mysql_num_rows($result) == 1) 
{ 
$query = "UPDATE roster SET hours = '$hours' WHERE callsign=$callsign"; 
$result = mysql_db_query($db, $query, $connection) or die 
("Error in query." .mysql_error()); 
} 
else 
{ 
print("Could not file report"); 
} 
?>

Bunkermaster

first always use single quotes around variable values in SQL statements.
Second always use backward single quotes around table/field names.
Third could you paste the table def for roster table?

mysql_query

I corrected what you told me to (put apostrophies over the variables), but dide not understand what you meant by the second point. And unfortunatly, I cannot post table defs.

My new error is a parse error on line 15. This is the new code:


<?php 
require("connection.php");// file holding connection details 
$request="SELECT * FROM roster WHERE callsign='$callsign' AND password='$password'";  

$result = mysql_db_query($db, $request, $connection) or die("Error in 
query." .mysql_error()); 


// if mysql_num_rows doesn't = 1 there is no record in
// the data base which matches 

if(mysql_num_rows($result) == 1) 
{ 
$query = "UPDATE roster SET hours = '$hours' WHERE callsign='$callsign'; 
$result = mysql_db_query($db, $query, $connection) or die 
("Error in query." .mysql_error()); 
} 
else 
{ 
print("Wrong passowrd. Could not file report"); 
} 
?>

2 questions.
1-What is a parse error?
2-How do you count the lines in PHP? (does it start at 1 or 0? Do empty lines count? etc.)

Thanks.

Kennel

You forgot a " at the end of the row:

$query = "UPDATE roster SET hours = '$hours' WHERE callsign='$callsign';

It should be:

$query = "UPDATE roster SET hours = '$hours' WHERE callsign='$callsign'";

edit: The lines start at 1 and empty lines count as well.

edwardsbc

All lines count in PHP files (so far as the returned error line). Run, don't walk, and get yourself an editor with line numbers (and preferably PHP syntax highlighting). I use HTML-Kit (Chami.com)

mysql_query

Great news! The password protection works. If I enter the wrong password, it gives me my message ("cannot file...). If I enter the right password, I get an empty screen like it should be. Now the trouble is, the 'update' query does not work. Here's the script:

<?php 
require("connection.php");// file holding connection details 
$request="SELECT * FROM roster WHERE callsign='$callsign' AND password='$password'";  

$result = mysql_db_query($db, $request, $connection) or die("Error in 
query." .mysql_error()); 


// if mysql_num_rows doesn't = 1 there is no record in
// the data base which matches 

if(mysql_num_rows($result) == 1) 
{ 
$query = "UPDATE roster SET hours = '$hours' WHERE callsign='$callsign'"; 
$result = mysql_db_query($db, $query, $connection) or 
die("Error in query." .mysql_error()); 
} 
else 
{ 
print("Could not file report"); 
} 
?>

Thanks for your help so far.

mysql_query

Ok, I fixed this. The problem was the variable 'result' was used twice and it was messing it up. Thanks for all your help.