[RESOLVED] sql error I have no problem with the php end but sql(user profile page and login.)

serg91

im getting the following error: I did a print_r($_POST);
Array ( [username] => redwingsfan32 [password] => fivehole19 [login] => Login ) login sql: select * FROM users WHERE username=redwingsfan32 AND password=f953ae3fc30423167a9fd15b8f349459

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /srv/www/htdocs/TEllis/project 3b/checklogin.php on line 37 Update failed, Click here to try again
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Unknown column 'redwingsfan32' in 'where clause'' at line 1

I am taking one error at a time. I am able to register the user in to in the database with two table. user and table2( user_info) with no problem. and as far as updating the records i am not going to worry about that right now.

I'm about to give up for the day to step away.

here is my code...

<html>
<body>
<h1>Login Page</h1>
<form action="checklogin.php" method="post">
<table border="1" bgcolor='#999999'>
  <tr>
    <td>Username:</td>
    <td><input type="text" name="username" id="username"/></td>
  </tr>
   <tr>
     <td>Password:</td>
    <td><input type="password" name="password" id="password"/></td>
  </tr>
   <tr>
     <td> </td>
     <td><input type="submit" name="login" id="login" value="Login"/></td>
 </tr>
 </table>
 </form>
Not a user. Register Here

</body>
</html>

checklogin.php

<?php
include "database.php";
$error_msg='';
$success_msg='';
print_r($_POST);

//Get's username from the post  

$myusername = $_POST['username'];

// Encrypt the string wih MD5 encryption
$mypassword = md5($_POST['password']);


// Query the database for matching username and password
 $login_sql = ("select * FROM users WHERE username=`$myusername` AND password=`$mypassword`".mysql_error());

 // echoing out the SQL statement and run it in the phpMyAdmin view
echo "login sql: " . $login_sql . "<br>\n".mysql_error();


// Query the database for matching username and password
$res = mysql_query($login_sql);

// If there is more then one row returned this must mean the username and password was correct
        $success_msg = "You have successfully logged into your Profile";

    $profile = ("SELECT * FROM user_info WHERE username = `username` AND password = `password`".mysql_error());
    $res = mysql_query($profile);

    if(mysql_num_rows($res) >0) {
  $array= mysql_fetch_assoc($res);//$loginsql in the mysql_fetch_assoc() call  

                  echo '<table border="2">';
                  echo "<tr><td>ID:  ";
                  echo "<td>" .$array['id']."</td>\n\t";
                  echo "</tr>";
                   echo "<tr><td>First Name:  ";
                  echo "<td>".$array['first_name']. "</td>\n\t";
                  echo "</td></tr>";
                   echo "<tr><td>Last Name:  ";
                  echo "<td>".$array['last_name']. "</td>\n\t";
                  echo "</td></tr>";
                   echo "<tr><td>Email:  ";
                  echo "<td>".$array['email']. "</td>\n\t";
                  echo "</td></tr>";
                   echo "<tr><td>City:  ";
                  echo "<td>".$array['city']. "</td>\n\t";
                  echo "</td></tr>";
                   echo "<tr><td>State:  ";
                  echo "<td>".$array['state']. "</td>\n\t";
                  echo "</td></tr>\n";
                  echo "</table>\n";
                 // echo 'update';


            } else {
              // If not, send user back to the login page
              echo('Update failed, Click here to try again'.mysql_error());
            }





?>

i'm about ready to give up on this just for the night. maybe stepping away and clearing my head will help.

NogDog

Welcome to the forums. Please note the forum's handy [noparse]

...

...

, and

...

[/noparse] bbcode tags for displaying your code samples.

$login_sql = ("select * FROM users WHERE username=`$myusername` AND password=`$mypassword`".mysql_error());

You should have 'straight quotes' around those values in the where clause, not back-tick quotes. Also the .mysql_error() has no purpose there and should be removed.

$profile = ("SELECT * FROM user_info WHERE username = `username` AND password = `password`".mysql_error());

Not sure what you intended here, but as it is it is going to return every row in the table as you are comparing the value of the username column to itself and the same for the password column. Did you mean to compare them to the literal words 'username' and 'password'? If so, then again they should be enclosed in 'straight' quotes. (Should they be replaced by variables as in the previous query?) Once again the mysql_error() does not belong there, as you are only defining the query string at that time, not actually executing it.

serg91

cool! that took car of the sql but i am still getting the error: Update failed, Click here to try again
after logging in the user name and password.

serg91

REsolved. I got it all figured out. Thank you.