Whats wrong with this SQL?

rjive

What is wrong with this code. I keep getting this error:

You have an error in your SQL syntax near '('password')' at line 1

//create and issue the query
$sql = "select username, user_password from phpbb_users  where username = '$_POST[username]' AND user_password = user_password('$_POST[user_password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {

please help, I've going after this for hours. Any help you can provide would be great.

leatherback

'$_POST[user_password]'";

not

user_password('$_POST[user_password]')";

rjive

ok, well, I tried that as well as

//create and issue the query 
$sql = "select username, user_password from phpbb_users  where username = '$_POST[username]' AND user_password = password('$_POST[user_password]')";

$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set; should be 1 if a match 
if (mysql_num_rows($result) == 1) {

Still nothing is working. The syntax error is gone, but I just get a blank page... so its not working. Any other thoughts?

leatherback

What is the password() function doing in your query? That is what I posted in the first./ Your query should not have that, unless it results in meaninfull output.

rjive

Well its so members can log into the main website using the user name and password from phpBB database.

leatherback

Still doesn't explain the presence of password() in your query.

Have you tried it the way I suggested?

rjive

Thanks for the help. I did try what you suggested. here is my complete code.

//check for required fields from the form
if ((!$_POST[username]) || (!$_POST[user_password])) {
    header("Location: listing23.7.php");
    exit;
}
echo "1"
//connect to server and select database
$conn = mysql_connect("localhost", "XXXX", "XXXXXXX") or die(mysql_error());
mysql_select_db("db_new1",$conn)  or die(mysql_error());

//create and issue the query
$sql = "select username, user_password from phpbb_users  where username = '$_POST[username]' AND user_password = '$_POST[user_password]'";
$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {

   //if authorized, get the values of username
   $username = mysql_result($result, 0, 'username');

   //set authorization cookie
   setcookie("auth", "1", 0, "/", "goldcountrymini.com", 0);

   //prepare message for printing, and user menu
   $msg = "<P>$username is authorized!</p>";
   $msg .= "<P>Authorized Users' Menu:";
   $msg .= "<ul><li><a href=listing23.9.php>secret page</a></ul>";
} else {
   //redirect back to login form if not authorized
   header("Location: listing23.7.php");
   exit;
}
?>

I took out the passwords of course, but they're correct. I am trying to reuse the exsisting database for my message board. Do you want to see my login script?

leatherback

Not unless it is not working.

even then I am not sure 😃 😉

rjive

the log in form is working with no problems. Its the above scripting that is not working right. I think it has to do with the syntax, but I am really new to this. I've read all different types of tutorials and all. Any idea why this is not working?

I am trying to use the phpbb database for the "users" to log into a section of my site. Thanks again for all the help

leatherback

Oh, it is not working yet.

Hm.. What is the output you get? DO you still get an empty page?
You do, I assume, echo the $msg somewhere?

rjive

No its not working. I do of course echo the message if attempt is successful. I keep getting routed back to the login page. It looks like an error possibly with my SQL syntax. The database info is correct. I am able to print the database by using php. Any other suggestions?

leatherback

If you get redirected with the script you posted, then this:

if ((!$POST[username]) || (!$POST[user_password])) {

is wrong.

You place an echo just after that. Once the 1 has been echoed, you cannot be redirected anymore.

I am not sure. But I think that neither of these would return true.

You should do something like:

if ((!$POST[username]=="") and (!$POST[user_password]=="")) {

rjive

I will give it a shot. Thanks. I knew something had to be missing. I've been staring at this problem too much so I'm sure I'm over looking something stupid. Plus a new to this whole gig. I will give it a shot and post my results. Thanks for all the help leatherback.

rjive

Ok, well now I've replaced that and it gives me a blank page. Any other thoughts?

leatherback

Hi Rjive,

When I am stuck on a code, I usually place an "echo "Tadaaa 1";" after each statement, so I can track where the script gets stuck / what it does.

Try this. And / or maybe start a fresh thread, with the newest code, so we get some fresh eyes.

I'll have an other look at your code too.