[Resolved] I really cant see what I am doing wrong

adrianuk29

I am trying to pass the input from a form and check the username and password against the database. Even when I type the correct username and password it is still saying Does not exist.

<?
include "connect.inc.php";
mysql_connect($servername,$username,$password);
$query = "SELECT * FROM personal_information WHERE username='$username' AND password='$password'";
@mysql_select_db($database) or die( "Unable to select database");

$result = mysql_query($query); //you should do error checking

$num=mysql_numrows($result);

if ($num==0) {
echo "********** Username and password does not exist *****";

} else if ($num > 0) {
echo "********** Username and password exists **";
exit;
}
?>

laserlight

Then debug the script.
Are you sure that $username and $password exist?
Where are they coming from?

<?php
include "connect.inc.php";

mysql_connect($servername,$username,$password)
	OR die(mysql_error()); //for debugging
mysql_select_db($database)
	OR die(mysql_error()); //for debugging

$query = "SELECT * FROM personal_information
	WHERE username='$username'
		AND password='$password'";

$result = mysql_query($query)
	OR die(mysql_error()); //for debugging

$num = mysql_num_rows($result);

if ($num > 0) {
	echo "************* Username and password exists *****";
	exit;
} else {
	echo "************* Username and password does not exist ********";
}
?>

TheDefender

mysql_connect($servername,[COLOR=red]$username[/COLOR],[COLOR=red]$password[/COLOR] ); 
$query = "SELECT * FROM personal_information WHERE username='[COLOR=red]$username[/COLOR]' AND password='[COLOR=red]$password[/COLOR]'";

The other thing you want to be careful of is using $username and $password for both your connect variables, and your query variables...

You may want to change your connect variables to something like $db_username and $db_password... to avoid confusion. You know, something more like:

mysql_connect($servername,[COLOR=red]$db_username [/COLOR],[COLOR=red]$db_password[/COLOR] ); 
$query = "SELECT * FROM personal_information WHERE username='[COLOR=red]$username[/COLOR]' AND password='[COLOR=red]$password[/COLOR]'";

Of course, make sure you make the change in your connect.inc.php file too.

Lastly, if you are POSTING the variables through a form, you may want to change your query to fetch the variables out of the POST array, just in case your REGISTER GLOBALS is OFF in your php.ini file. You know, something along these lines:

mysql_connect($servername,[COLOR=red]$db_username [/COLOR],[COLOR=red]$db_password[/COLOR] ); 
$query = "SELECT * FROM personal_information WHERE username='".[COLOR=red]$_POST['username'][/COLOR]."' AND password='".[COLOR=red]$_POST['password'][/COLOR]."'";

dpearre

i'm guessing register_globals is turned off (a good thing), and that you just need to register $username and $password. try registering them like this:

$username = $_REQUEST[username];
$password = $_REQUEST[password];

adrianuk29

I feel like a complete doughnut. Of course I just changed the username and password to different names in the table, I also changed the form to reflect this and it is working. I have been pulling my head out wondering what was going on, I could see nothing wrong with the code. This has happen before sometime ago when I used $domain as a variable lol. Stupid me.

Thanks for all your help

laserlight
TheDefender
dpearre

TheDefender

No Problem. Be sure to mark the thread resolved using the "Mark Thread Resolved" link at the bottom.