Results 1 to 9 of 9

Thread: error with login script

  1. #1
    Join Date
    Mar 2011
    Posts
    1,898
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default error with login script

    I've looked over the code and I can't find the problem.


    PHP Code:
    <?php
    session_start
    ();
    if (isset(
    $_POST["username"])) {

      
    $valid false;
      
    $username $_POST["username"]; $pass $_POST["pass"];


    $check mysql_query("SELECT * FROM users WHERE username = "'.$username.' AND password '.$pass.'")or die(mysql_error());
    $check2 = mysql_num_rows($check);
    if (
    $check2 == 0) {
        
    $valid = true;
      }

      if (
    $valid) {
        
    $_SESSION["user"] = $username;
        header("
    Location: ../members");
      } else header("
    Locationerror");
    }
    ?>
    I know it's is this bit

    PHP Code:
    $check mysql_query("SELECT * FROM users WHERE username = "'.$username.' AND password '.$pass.'")or die(mysql_error());
    $check2 = mysql_num_rows($check);
    if (
    $check2 == 0) {
        
    $valid = true;
      } 


    The error is


    ( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\new site\login\check.php on line 9


    Any help would be great!
    Last edited by keyboard; 09-29-2011 at 11:29 PM.

  2. #2
    Join Date
    May 2007
    Location
    Boston,ma
    Posts
    2,127
    Thanks
    173
    Thanked 207 Times in 205 Posts

    Default

    PHP Code:
    $check mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass)" or die(mysql_error()); 
    The editor you're using probably highlights/color codes strings, functions, etc. I'd look into checking that when you hit problems like this. The forum here also highlights strings, so when you see ' AND password = ' in a different color I'd recommend looking at it closer.

    You should also not just take in user input as being valid, you need to sanitize it.

    Code:
    $username = mysql_real_escape_string($_POST["username"]); 
    $pass = mysql_real_escape_string($_POST["pass"]);
    Corrections to my coding/thoughts welcome.

  3. #3
    Join Date
    Mar 2011
    Posts
    1,898
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default

    Thanks Blue Walrus.
    Now It's coming up with this error.



    ( ! ) Parse error: syntax error, unexpected ';' in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\new site\login\check.php on line 9



    PHP Code:
    <?php
    session_start
    ();
    if (isset(
    $_POST["username"])) {

      
    $valid false;
      
    $username $_POST["username"];
      
    $pass $_POST["pass"];

    $check mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass)" or die(mysql_error());
    $check2 mysql_num_rows($check);

    if (
    $check2 == 1) {
        
    $valid true;
      }

      if (
    $valid) {
        
    $_SESSION["user"] = $username;
        
    header("Location: ../members");
      } else 
    header("Location: error");
    }
    ?>
    For a text editor I'm just using notepad. Could anyone suggest a good editor which highlights the different ttypes of code?

    Thanks for everything!

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    this
    PHP Code:
    $check mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass)" or die(mysql_error()); 
    should be
    PHP Code:
    $check mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass") or die(mysql_error()); 
    (note the order of the double-quote and parenthesis after $pass).

    as for an editor, if you're using windows I'd recommend notepad++.

  5. #5
    Join Date
    May 2007
    Location
    Boston,ma
    Posts
    2,127
    Thanks
    173
    Thanked 207 Times in 205 Posts

    Default

    haha didn't take my own advice there, sorry about that.

    $check = mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass") or die(mysql_error());

    For text editors (assuming you are on PC)

    http://notepad-plus-plus.org/
    Adobe Dreamweaver (Mac also available)

    or http://en.wikipedia.org/wiki/List_of_PHP_editors
    Corrections to my coding/thoughts welcome.

  6. #6
    Join Date
    Mar 2007
    Location
    New York, NY
    Posts
    557
    Thanks
    8
    Thanked 66 Times in 66 Posts

  7. #7
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    For Mac OSX, I highly recommend Text Wrangler. Free and easy to use, including FTP.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  8. #8
    Join Date
    Mar 2011
    Posts
    1,898
    Thanks
    59
    Thanked 105 Times in 103 Posts
    Blog Entries
    4

    Default

    This code checks my login form-

    PHP Code:
    <?php
    session_start
    ();
    if (isset(
    $_POST["username"])) {
    require 
    "../database.php";
      
    $valid false;
      
    $username $_POST["username"];
      
    $pass $_POST["pass"];

    $check mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass") or die(mysql_error());
    $check2 mysql_num_rows($check);

    if (
    $check2 == 1) {
        
    $valid true;
      }

      if (
    $valid) {
        
    $_SESSION["user"] = $username;
        
    header("Location: ../members");
      } else 
    header("Location: error");
    }
    ?>
    The code is coming up with this error when you enter nothing into the username and password inputs

    Code:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND password =' at line 1
    And this error when you enter test as a username and test2 as the password

    Code:
    Unknown column 'test' in 'where clause'
    Any help?

  9. #9
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    you need to quote the non-numeric field values in your SQL statement.
    PHP Code:
    mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$pass' "
    furthermore, you should quote your identifiers - things like table names, field names, etc. - to prevent any conflicts with SQL commands (there is no conflict in this case, but it is more likely than you realize).
    The identifier quote for MySQL is the backtick ( ` ) (this is not a single-quote).
    PHP Code:
    mysql_query("SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass'"

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •