error with login script

**keyboard** · 09-26-2011, 08:44 AM

I've looked over the code and I can't find the problem.

PHP Code:


<?php

session_start();

if (isset($_POST["username"])) {



  $valid = false;

  $username = $_POST["username"]; $pass = $_POST["pass"];





$check = mysql_query("SELECT * FROM users WHERE username = "'.$username.' AND password = '.$pass.'")or die(mysql_error());

$check2 = mysql_num_rows($check);

if ($check2 == 0) {

    $valid = true;

  }



  if ($valid) {

    $_SESSION["user"] = $username;

    header("Location: ../members");

  } else header("Location: error");

}

?>

I know it's is this bit

PHP Code:


$check = mysql_query("SELECT * FROM users WHERE username = "'.$username.' AND password = '.$pass.'")or die(mysql_error());

$check2 = mysql_num_rows($check);

if ($check2 == 0) {

    $valid = true;

  }

The error is

( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\new site\login\check.php on line 9

Any help would be great!

**bluewalrus** · 09-26-2011, 01:10 PM

PHP Code:


$check = mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass)" or die(mysql_error());

The editor you're using probably highlights/color codes strings, functions, etc. I'd look into checking that when you hit problems like this. The forum here also highlights strings, so when you see ' AND password = ' in a different color I'd recommend looking at it closer.

You should also not just take in user input as being valid, you need to sanitize it.

Code:

$username = mysql_real_escape_string($_POST["username"]); 
$pass = mysql_real_escape_string($_POST["pass"]);

**keyboard** · 09-26-2011, 08:13 PM

Thanks Blue Walrus.
Now It's coming up with this error.

( ! ) Parse error: syntax error, unexpected ';' in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\new site\login\check.php on line 9

PHP Code:


<?php

session_start();

if (isset($_POST["username"])) {



  $valid = false;

  $username = $_POST["username"];

  $pass = $_POST["pass"];



$check = mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass)" or die(mysql_error());

$check2 = mysql_num_rows($check);



if ($check2 == 1) {

    $valid = true;

  }



  if ($valid) {

    $_SESSION["user"] = $username;

    header("Location: ../members");

  } else header("Location: error");

}

?>

For a text editor I'm just using notepad. Could anyone suggest a good editor which highlights the different ttypes of code?

Thanks for everything!

**traq** · 09-26-2011, 08:22 PM

this

PHP Code:


$check = mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass)" or die(mysql_error());

should be

PHP Code:


$check = mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass") or die(mysql_error());

(note the order of the double-quote and parenthesis after $pass).

as for an editor, if you're using windows I'd recommend notepad++.

**bluewalrus** · 09-26-2011, 08:24 PM

haha didn't take my own advice there, sorry about that.

$check = mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass") or die(mysql_error());

For text editors (assuming you are on PC)

http://notepad-plus-plus.org/
Adobe Dreamweaver (Mac also available)

or http://en.wikipedia.org/wiki/List_of_PHP_editors

**JShor** · 09-26-2011, 08:54 PM

phpDesigner.

http://www.mpsoftware.dk/phpdesigner.php

**djr33** · 09-26-2011, 10:50 PM

For Mac OSX, I highly recommend Text Wrangler. Free and easy to use, including FTP.

**keyboard** · 09-29-2011, 01:49 AM

This code checks my login form-

PHP Code:


<?php

session_start();

if (isset($_POST["username"])) {

require "../database.php";

  $valid = false;

  $username = $_POST["username"];

  $pass = $_POST["pass"];



$check = mysql_query("SELECT * FROM users WHERE username = $username AND password = $pass") or die(mysql_error());

$check2 = mysql_num_rows($check);



if ($check2 == 1) {

    $valid = true;

  }



  if ($valid) {

    $_SESSION["user"] = $username;

    header("Location: ../members");

  } else header("Location: error");

}

?>

The code is coming up with this error when you enter nothing into the username and password inputs

Code:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND password =' at line 1

And this error when you enter test as a username and test2 as the password

Code:

Unknown column 'test' in 'where clause'

Any help?

**traq** · 09-29-2011, 02:14 AM

you need to quote the non-numeric field values in your SQL statement.

PHP Code:


mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$pass' ")

furthermore, you should quote your identifiers - things like table names, field names, etc. - to prevent any conflicts with SQL commands (there is no conflict in this case, but it is more likely than you realize).
The identifier quote for MySQL is the backtick ( ` ) (this is not a single-quote).

PHP Code:


mysql_query("SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass'")

Thread: error with login script

Thread Tools

Search Thread

error with login script

Bookmarks

Bookmarks

Posting Permissions