mysql_fetch_assoc()

Design-is-BS

I've been trying this on WebDeveloper.com with no luck..

OK, here is what I'm trying to do...

ANYONE FEEL FREE TO ASSIST! PLEASE!!!!

[INDENT]1) The user is sent an email containing a Randomly Generated Password and a User-name made up of the first-part of their email.[/INDENT]

[INDENT]2) In this email is a link to a webpage, where the user enters in three bits of information:[/INDENT]
[INDENT][INDENT]2a) Username (provided)
2b) Password (provided)
2c) Email[/INDENT][/INDENT]

[INDENT]3) upon clicking "Submit" the information is compared to what is on the DB (Database).[/INDENT]
[INDENT][INDENT]3a) If there is a match, the app carries on.
3b) If there isn't a match the user is prompted to try again.[/INDENT][/INDENT]

[INDENT]4) Upon a successful match, the user is then directed to a page where they can customize their login (User-Name and Password) and they can enter in other information (Address, First Name, etc.)[/INDENT]

Ok...Now...I haven't gotten that far yet; I'm stuck on #3. I am not able to compare what is on my DB to what the user has submitted. F0r some reason what I was doing earlier wasn't safe, so I'm forced to try a new way of doing things.

This is my Code, currently:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Testing - Investor Login</title>

</head>

<body>
<?php 

echo "Please enter username & password<br>";
echo "<form method=post>";
echo "Username: <input type=text name=username><br>";
echo "Password: <input type=text name=password><br>";
echo "Email: <input type=text name=email><br>";
echo "<input type=submit name=submit value=Submit>";

/* $form_pass = $_POST['password'];
$form_user = $_POST['username'];
$form_email = $_POST['email'];
$DB_user = "$row[0]";
$DB_pass = "$row[1]";
$DB_mail = "$row[2]";

$sql = "SELECT * FROM users";

$DBusers = mysql_query($sql, $link);
while ($row = mysql_fetch_array($DBusers)){

	if ($DB_pass == $form_pass)  { 
		echo "<br><br><br>Pass Works";
	}
	else  { 
		echo "<br><br><br>Pass Failed";  
	}

	if ($DB_user == $form_user)  {
		echo "<br>User Works";
	}
	else  {
		echo "<br> User Failed";
	}

	if (DB_mail == $form_email)  {
		echo "<br>Email Works";
	}
	else  {
		echo "<br>Email Failed";
	}
}*/


if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {
    // Connect

$hostname = "myhost";
$username= "myuser";
$password= "mypass";
$dbid="myid";
$link=mysql_connect($hostname, $username, $password);
mysql_select_db($dbid) or die ("Unable to connect to MySQL");

if(!is_resource($link)) {

    echo "Failed to connect to the server\n";
    // ... log the error properly

} else {

		// Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.

		if(get_magic_quotes_gpc()) {
			$username = stripslashes($_POST['username']);
			$password = stripslashes($_POST['password']);
			$email = stripslashes($_POST['email']);
		} else {
			$username = $_POST['username'];
			$password = $_POST['password'];
			$email = $_POST['email'];
		}


		 Make a safe query
		$query = sprintf("SELECT * FROM users (username, password, email) VALUES (%s, %s, %s)",
					mysql_real_escape_string($username, $link),
					mysql_real_escape_string($password, $link),
					mysql_real_escape_string($email, $link));
		$fetch = mysql_query($query, $link); 

		echo "<br>" . $query . "<br>";
		echo mysql_error();

		 while ($row = mysql_fetch_assoc($fetch))  {
			echo "<br><br>" . $row['username'];
		}
	}
}
?>
</body>
</html>

Please, for the love of all that is holy, I'm so utterly stuck..

Jack_McSlay

Unquoted tag attibutes on a XHTML-doctype document? Blasphemy! 😛

back to the point, yout SELECT is completely wrong

the query you want is

$query = sprintf("SELECT * FROM users WHERE username = '%s' ",
                        mysql_real_escape_string($username, $link) );