Retreive file with if ($_POST...

mrfloyd

Hello, I am a rookie, please be gentle.

I have a form with 2 buttons... Login ... View...
It has two fields... username... password..

I am trying to simply retrieve selected fields within the called matched file from the db when the "View" button is pressed.

Im sure this is simple for you guys/gals, but "My mind is boggled" been on this too long.. I have only a few lines of code

if ($_POST['sublogin0'] == "View")
	{
		$query = "SELECT pcidip,datetime FROM users WHERE username='($_POST[username])'";
		$result = mysql_query($conn,$query) or die ("Could not execute --LINE 175--");
		$row = mysql_fetch_assoc($result);
		extract($row);
		echo "$pcidip, $datetime<br>";
	}
	else
	{
		echo "--181--VIEW FAILED<br>";
	}

When I enter a valid username and password (that is already in the db), I get
"Could not execute --LINE 175--" for about 1-2 seconds.
I expect it to display the two fields "pcidip" and "datetime" that are in the matched username fields I have requested... what am I missing?
Thanks in advance.... again, please be gentle ;-)
Floyd

leatherback

Hi Mr Floyd,

Congrats on the jump into the deep so to speak.

The main problem I see is the use of brackets in your query; you do not need them:

$query = "SELECT pcidip,datetime FROM users WHERE username='".$_POST[username]."';

Furthermore, you already assume that
1) The input is 'safe'
2) The username & password are correct

1] => There are people who will try to break your code. When they insert a partial query in your username / password fields, you run the risk that they break your code,and hack your site. Look into sanitizing your code

2] => What happens if the incorrect combo is inserted? You will get some errors. Do it in an if-then-else statement.

An example of how the process could qork:


// If the current user is not logged in
if($loggedin == 0)
  {
  // note that I wrote a sanitzing function that will test variables for validity which grabs the info from the POST array, called getvar()

  $username   = getvar("username", '', 2);     // Try to get pass & username from the post / get arrays
  $password   = getvar("access", '', 2);
  $password   = md5($password);
  $security   = getvar('security', "", 2);
  $security   = md5($security);

  if($username <> "" and $password <> "" and $security == $_SESSION['hashtext'])  // Data has been submitted
    {
    $DBH = db_connect();
    $login_query = "Select * from "._USERS_T_." 
                           where 
                               (u_name = '$username') 
                           and (u_pass = '$password')
                           and (u_disabled = 0)";

$result = mysql_query($login_query) or handle_errors('LOGIN',__line__, mysql_error(), $login_query);
                       // Username = correct, password correct & user not banned from system

$NumRows = mysql_numRows($result);       

 if ($NumRows > 0)                        // ****** Details are correct ******
    {
    // do stuff

     $loginmessage = "<h1>login succesfull</h1><p>You are now logged in.</p>"; 
     $this_page['topmenu'][300] = "<a href=\""._LOGOUT_U_."\">Logout</a>";
    }
 else
    {                                       // ****** Details zijn incorrect ******      

    $this_page['webcontent'] .= "
  <h1>Incorrect Login</h1>
  <p>This is not a registered username / password combination. Please try again.
  </p>
  }

mrfloyd

letherback, thanks for your attention.

I cut/pasted and when executed, I get a fully blank screen now... while before It did display "Could not execute --LINE 175--"

I am not very good at the proper uses of the [ ( . ' " -- could it be possible they are out of sequence?

Right now I am only trying to get the basic operation.. I will endeavour to clean things up after that...
Thanks so much
Floyd

leatherback

Hey there Floyd,

Tha code I posted was certainly not a working solution: It was a set of sections I snipped out of my validation system. I have a lot of junk in between which controls different access levels and the time users are logged in and stuff. It was more an example of how you could set it up.

As for brackets, in general:

[] => Brackets for an array of data:

a=array(0=>'aaa', 2=>'bbb');
echo a[0];

() => Brackets for functions and some statements:

if (a[0] == 'aaa')
  {
  }

Which bring us to the {} curly barckets: For deliniation of code sections

if(SOMETHING)
  {
  DO SOMETHING 
  }
else
  {
  Do SOMETING ELSE
  }

mrfloyd

Thnks for that...
what about the periods.. '.'

leatherback

hehe

The period is a 'fusion/addition' symbol I suppose. Try this:


$a = 'I have no';
$b = $a.'problems';
$b .= ' with it anymore';

echo $b;