failed to extact the data from the mysql

mark103

Hi guys,

I have a bit of trouble as I am trying to extact the data from mysql database when I enter the url as something like this:

http://www.mysite.com/login.php?user=test&pass=test

<?php
session_start();
    define('DB_HOST', 'localhost');
    define('DB_USER', 'myuser');
    define('DB_PASSWORD', 'mypass');
    define('DB_DATABASE', 'mydbname');

$errmsg_arr = array();
$errflag = false;

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
  die('Failed to connect to server: ' . mysql_error());
    }

$db = mysql_select_db(DB_DATABASE);
if(!$db) {

die("Unable to select database");
    }

   function clean($var){

return mysql_real_escape_string(strip_tags($var));
    }
    $user = clean($_GET['user']);
    $pass = clean($_GET['pass']);
    $login = clean($_GET['login']);


if($user == '' && $pass == ''){
   // both are empty
   $errmsg_arr[] = 'Both name and email are missing. You must enter one or the other.';
   $errflag = true;
}

if($errflag) {
  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  echo implode('<br />',$errmsg_arr);
   }
   else {
$insert = array();
if(isset($_GET['user'])) {
    $insert[] = 'user = \'' . clean($_GET['user']) .'\'';
}
if(isset($_GET['pass'])) {
    $insert[] = 'pass = \'' . clean($_GET['pass']) . '\'';
}
if(isset($_GET['login'])) {
    $insert[] = 'login = \'' . clean($_GET['login']) . '\'';
}

if (count($insert)>0) {
   $names = implode(',',$insert);


if(isset($user) && isset($pass)) {
   $query  = "SELECT username, LoggedUser FROM Login WHERE username='$user'";
   $result=mysql_query($query) or die('Error:<br />' . $qry . '<br />' . mysql_error());
   echo "<p id='LoggedUser'>";
   echo $row['LoggedUser'] . "</p>";
} elseif(isset($user) && isset($login)) {
   $sql="UPDATE Login SET {$login} where username='{$user}'";
   echo "<p id='LoggedUser'>";
   echo $row['LoggedUser1'] . "</p>";
 }
}
}
?>

when I entered the url, there are empty array which it did not filled on the webpage.

I want to extact the data from the database when I enter the url like on above.

Please can you help?

Thanks,
Mark

NogDog

Looks like you are missing the "fetch" part, e.g. using [man]mysql_fetch_assoc/man to fetch a result row from the query.