Oracle 8i anyone??

ronaldo9

i have posted this problem on "Coding" but i think it is a database querying problem,

(i removed the other posting from coding)

Does anyone have experience verifying a username and password against an Oracle database.

I have encountered the following problems when attempting this query,

-Many articles and other posts dont put double quotations around the column names in the query, and yet this is the only way i can get rid of the "invalid column name" warning when i execute the query.Also i have seen people put single quotes aroun the variables in the query, this causes and T_Variable warning...this is the query code;

$query="select * from david.customer_registration where "USERNAME"=$username and "PWORD1"=$password";

(USERNAME and PWORD1 are columns in the table customer_registration which is in the schema david)

-i want to use an if-else statement to verify the username and password that the user enters against the one in the database table . The pseudocode looks like this

if(entered username and password = username and password in table in the database){
output welcome username;
}else{
redirect to failed login page;
}

-iam having a problem with where to put the if-else statement in relation to the oci functions i.e.

1) query()
2) ociparse()
3) ociexecute()
4) ocifetch()

where does it fit in?

(by the way i have excuted the query without any if-else statements and it just returns the first row in the table)

anyway here is the code i have been working on

<HTML>
<BODY>
<?php
$username=$POST[user]; /these variables are taken in from
$password=$POST[pass]; /the user in a html form page.

$db="(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = RICHARD-2J7P3XV)(PORT = 1521)))(CONNECT_DATA=(SID=test)))";
$c1=ocilogon("ADAMS","password",$db); //system username and password

$query="select * from david.customer_registration";
$stmt=ociparse($c1,$query);
echo"($username,$password)";

if("USERNAME"==$username&&"PWORD1"==$password){
ociexecute($stmt);
echo"($username,$password)";

while (ocifetch($stmt)){
echo ociresult($stmt,"F_NAME");
}
}else{
echo"Failed";
}
ocilogoff($c1);
?>
</HTML>

Basiscally the aim of this code is to take in 2 variables,connect to a database, check those variabes against records in the database and to take appropriate action,,

Is there a problem with PL/SQL statments???
The table in the database has an auto-increment first column.
I am working with Apache, PHP4, Oracle 8i Personal edition, on a WIN2k machine.

pinoy

I have fix your code, try to use this

<?php
$username=$POST[user]; /these variables are taken in from
$password=$POST[pass]; /the user in a html form page.

$db="(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = RICHARD-2J7P3XV)(PORT = 1521)))(CONNECT_DATA=(SID=test)))";
$c1=ocilogon("ADAMS","password",$db); //system username and password

$query="select * from david.customer_registration where USERNAME=$username";
$stmt=OCIParse($c1,$query);
ociexecute($stmt);
OCIFetchInto($stmt,$row,OCI_ASSOC);

if($row['PWORD1']==$password && $row['PWORD1' != ""]){

echo "LOGIN SUCCESSFULL";
}
else{
echo "LOGIN FAILED";
}

ocilogoff($c1);
?>