username/password check

dougmcc1

What am I doing wrong with this?

mysql_query("SELECT(password_in_table) as $password_in_table FROM table WHERE username_in_table='$username_entered'");

if ($password_in_table == $password_entered) {
echo ("Welcome $username_in_table.");
} else {
die("Incorrect username/password combination.");
}

Thanks.

dougmcc1

If anyone knows where to get a REAL username/password script, I'd be grateful for that as well.

bad76

 
mysql_query("SELECT(password_in_table) as $password_in_table FROM table WHERE username_in_table='$username_entered'"); 

if ($password_in_table == $password_entered) { 
echo ("Welcome $username_in_table."); 
} else { 
die("Incorrect username/password combination."); 
}

Hi,
what is wrong here? All.

You have to do some look at the manual and examples first.
( www.php.net/mysql ... )

Now:

mysql_query("SELECT(password_in_table) as $password_in_table FROM table WHERE username_in_table='$username_entered'");

Error 1: syntax of SELECT statement.
The right syntac is:
SELECT <list of field or * to ask all field> FROM <tables> WHERE <conditions>

AS in the SELECT is used to give a different name to field/table and not to put a value in your variable.

some example:

 
//SELECT password_in_table FROM table WHERE username_in_table='$username_entered'

//SELECT password_in_table as field1 FROM table WHERE username_in_table='$username_entered'

//SELECT a.password_in_table FROM table as a WHERE username_in_table='$username_entered'

Error 2:syntax of mysql_query() command.
From manual (www.php.net/mysql_query):
resource mysql_query ( string query [... , [, ...]])
This tells us the mysql_query() command need a query string AND RETURN a result set.

Then the correct use is:

 
$myresult=mysql_query($myquery); 

//for debug purpose
$myresult=mysql_query($myquery) or die(mysql_error()."<br>".$myquery);

What is a result set? Is the containers for your records. Now you have to get it out, with command like mysql_fetch_array() (www.php.net/mysql_fetch_array).

At last:

 
$myquery="SELECT password_in_table as pass, username_in_table as user FROM table WHERE username_in_table='$username_entered'";

// or that too
// $myquery="SELECT * FROM table WHERE username_in_table='$username_entered'";

// or that too
// $myquery="SELECT password_in_table,username_in_table FROM table WHERE username_in_table='$username_entered'";

$myresult=mysql_query($myquery) or die(mysql_error()."<br>".$myquery); 

$myrow=mysql_fetch_array($myresult);

if ($myrow["pass"] == $password_entered) { 
           echo "Welcome ".$myrow["user"]; 
} else { 
          die("Incorrect username/password combination."); 
} 

/* or this too
if ($myrow["password_in_table"] == $password_entered) { 
                  echo "Welcome ".$myrow["username_in_table"]; 
} else ...
*/

Now, what was wrong in that? All.

Next time before post, please try to look a manual, a book, some code.... you can't invent the php language....

see you

dougmcc1

Yeah I really should sit down and read through that site one of these days. I've read bits and pieces here and there to help me along with what I'm working on but I should read it from start to finish. I do a lot of searching online too (the php.net site comes up a lot which is why I've read bits and pieces of it). I keep putting it of because this project was suppose to be really simple but it just keeps getting more and more complex.

Anyways, thanks for your help. The first variation of your script didn't work for me but the second one does.

Thanks again.

bad76

[edit]
oooOOOPPpppss

Double posted.... look a bit ahead...
[/edit]

dougmcc1

bad76

You don't have to read all (it's near to impossible...) just that you need. If you use a mysql_query() function read how use it.
The manual may be usefull, but a good book may be necessary to start...

see you

And... the first variation that i do is not a variation, it's just a cut&paste of your code...