WampServer
Apache, PHP, MySQL
on Windows
please help me in select statement
Posted by:
nav2626
(---.nycmny.east.verizon.net)
Date: June 13, 2008 03:42AM
hi...can smone please solve my this problem .... i'm not able to enter the IF statement its strightway going to else.....where after puttin the username correct its showin me
The username is invalid. It must be alphanumeric and 2-8 characters long
my code is:
<?php
session_start();
$con = mysql_connect("localhost","root","managed1"
or die ('Error connecting to mysql');
$dbname = 'minhas';
mysql_select_db($dbname,$con);
$loginerror = ""; // by default assume there is not login error
if (isset($_POST['login'])) {
// test for the correct username & password
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$username = strtolower($_POST['username']); // convert to lowercase to avoid upper/lowercase problems
if (ereg("^[a-z0-9]{2,8}$",$username)) { // validate username to protect from SQL injection attacks
// verify this username/password combination against a database
$sql = "SELECT * FROM customer WHERE username='".$username."'";
@mysql_query($sql) or die('Error in query: [<b>' . $sql . '</b>]. The error was: ' . mysql_error());
$result = $database->mysql_query($sql);
if ($result->numRows() > 0) {
$user = $result->fetchRow(DB_FETCHMODE_ASSOC,0);
if ( crypt($_POST['password'],$user['passwordcrypt'])==$user['passwordcrypt'] ) { // do password crypts match?
$_SESSION['username'] = $username; // remember the username
}
else {
$loginerror = "Wrong username or password. Please try again.";
}
}
else {
$loginerror = "Wrong username or password. Please try again.";
}
} // end: if (ereg("^[a-z0-9]{2,8}$",$username))
else {
$loginerror = "The username is invalid. It must be alphanumeric and 2-8 characters long.";
}
} // end: if (!empty($_POST['username']) && !empty($_POST['password']))
else {
$loginerror = "Please enter a username and password.";
}
} // end: if (isset($_POST['login']))
?>
The username is invalid. It must be alphanumeric and 2-8 characters long
my code is:
<?php
session_start();
$con = mysql_connect("localhost","root","managed1"
or die ('Error connecting to mysql');$dbname = 'minhas';
mysql_select_db($dbname,$con);
$loginerror = ""; // by default assume there is not login error
if (isset($_POST['login'])) {
// test for the correct username & password
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$username = strtolower($_POST['username']); // convert to lowercase to avoid upper/lowercase problems
if (ereg("^[a-z0-9]{2,8}$",$username)) { // validate username to protect from SQL injection attacks
// verify this username/password combination against a database
$sql = "SELECT * FROM customer WHERE username='".$username."'";
@mysql_query($sql) or die('Error in query: [<b>' . $sql . '</b>]. The error was: ' . mysql_error());
$result = $database->mysql_query($sql);
if ($result->numRows() > 0) {
$user = $result->fetchRow(DB_FETCHMODE_ASSOC,0);
if ( crypt($_POST['password'],$user['passwordcrypt'])==$user['passwordcrypt'] ) { // do password crypts match?
$_SESSION['username'] = $username; // remember the username
}
else {
$loginerror = "Wrong username or password. Please try again.";
}
}
else {
$loginerror = "Wrong username or password. Please try again.";
}
} // end: if (ereg("^[a-z0-9]{2,8}$",$username))
else {
$loginerror = "The username is invalid. It must be alphanumeric and 2-8 characters long.";
}
} // end: if (!empty($_POST['username']) && !empty($_POST['password']))
else {
$loginerror = "Please enter a username and password.";
}
} // end: if (isset($_POST['login']))
?>
Re: please help me in select statement
Posted by:
toivo
(---.belrs3.nsw.optusnet.com.au)
Date: June 13, 2008 11:53AM
Hi,
The syntax is right and the regular expressions looks fine. However, you have not included the database class. If you use a database object, you need to create it first., for example:
$database = new myDbClass;
Assuming that you have such a class, you can then use its methods. Otherwise, it is simpler to use the procedural style of database calls, of which there are plenty of examples in the PHP reference manual.
Regards,
toivo
Sydney, Australia
The syntax is right and the regular expressions looks fine. However, you have not included the database class. If you use a database object, you need to create it first., for example:
$database = new myDbClass;
Assuming that you have such a class, you can then use its methods. Otherwise, it is simpler to use the procedural style of database calls, of which there are plenty of examples in the PHP reference manual.
Regards,
toivo
Sydney, Australia
Re: please help me in select statement
Posted by:
nav2626
(---.nycmny.east.verizon.net)
Date: June 14, 2008 04:26AM
how to create this class......actually if i am just addin this line its showing ma a fatal error...
can u please help me in this..
can u please help me in this..
Re: please help me in select statement
Posted by:
yfastud
(Moderator)
Date: June 14, 2008 06:42AM
$sql = "SELECT * FROM customer WHERE username='".$username."'";Did you try it w/o the dot's?
$sql = "SELECT * FROM customer WHERE username='$username'";
Have fun,
FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides
Re: please help me in select statement
Posted by:
toivo
(---.nsw.bigpond.net.au)
Date: June 14, 2008 09:25AM
nav2626 Wrote:
-------------------------------------------------------
> how to create this class......actually if i am
> just addin this line its showing ma a fatal
> error...
> can u please help me in this..
If you copied the code from a book, it should explain how to create a class or at least have an example. If not, it is easier to use the procedural type of functions.
Regards,
toivo
Sydney, Australia
-------------------------------------------------------
> how to create this class......actually if i am
> just addin this line its showing ma a fatal
> error...
> can u please help me in this..
If you copied the code from a book, it should explain how to create a class or at least have an example. If not, it is easier to use the procedural type of functions.
Regards,
toivo
Sydney, Australia
Re: please help me in select statement
Posted by:
nav2626
(---.nycmny.east.verizon.net)
Date: June 15, 2008 04:14AM
i've modified the code again.. actually trying to avoin database word but still its not selecting from the database..its straightway passing to the login failed page...kindly help me in solving this prb..
<title>login-exe.php</title><?php
//Start session
session_start();
//Connect to mysql server
$link=mysql_connect("localhost","root","managed1";
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("minhas";
if(!$db) {
die("Unable to select database";
}
//Sanitize the value received from login field
//to prevent SQL Injection
if(!get_magic_quotes_gpc()) {
$login=mysql_real_escape_string($_POST['login']);
}else {
$login=$_POST['login'];
}
//Create query
$qry="SELECT username FROM customer WHERE username='$username' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result)>0) {
//Login Successful
session_regenerate_id();
$user=mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID']=$user['username'];
session_write_close();
header("location: member-index.php";
exit();
}else {
//Login failed
header("location: login-failed.php";
exit();
}
}else {
die("Query failed";
}
?>
<title>login-exe.php</title><?php
//Start session
session_start();
//Connect to mysql server
$link=mysql_connect("localhost","root","managed1"
;if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("minhas"
;if(!$db) {
die("Unable to select database"
;}
//Sanitize the value received from login field
//to prevent SQL Injection
if(!get_magic_quotes_gpc()) {
$login=mysql_real_escape_string($_POST['login']);
}else {
$login=$_POST['login'];
}
//Create query
$qry="SELECT username FROM customer WHERE username='$username' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result)>0) {
//Login Successful
session_regenerate_id();
$user=mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID']=$user['username'];
session_write_close();
header("location: member-index.php"
;exit();
}else {
//Login failed
header("location: login-failed.php"
;exit();
}
}else {
die("Query failed"
;}
?>
Sorry, only registered users may post in this forum.
