...

View Full Version : problem with simple login script



alexmel7
09-09-2009, 09:57 PM
Hello Everyone, I am trying to create a simple login script. However when I enter a username and password I just get an or die ("Couldn't execute query"). here is my script, any suggestions?


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Form</title>
</head>

<body>
<?php
/* Program name: login.php
* Description: Program processes and validates login.
*/
ini_set("display_errors","on");
error_reporting(E_ALL | E_STRICT);
ini_set("include_path","./includes");
include("dbinfo2.inc");
if(isset($_POST['submitted']) and $_POST['submitted'] == "yes")
{
foreach($_POST as $field => $value)
{
if(empty($value))
{
$blank_array[] = $field;
}
else
{
$good_data[$field] = strip_tags(trim($value));
}
}
if(@sizeof($blank_array) > 0)
{
$message = "<p style='color: red; margin-bottom: 0; font-weight: bold'>You didn't fill in one or more required fields. You
must enter: <ul style='color: red; margin-top: 0; list-style: none' >";
foreach($blank_array as $value)
{
$message .= "<li>$value</li>";
}
$message .= "</ul>";

echo $message;
extract($good_data);
include("form_Login.inc");
exit();
}
else
{
foreach($_POST as $field => $value)
{
if($field == "username")
{
$myusername = $value;
}
elseif($field == "password")
{
$mypassword = $value;
}
}
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
or die("Couldn't connect to server");
$clean_data[$field] = strip_tags(trim($value));
foreach($clean_data as $field => $value)
{
$clean_data[$field] = mysqli_real_escape_string($cxn,$value);
}
$sql = "SELECT FROM CustomerInfo WHERE username='$myusername' and password='$mypassword'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query");
$count=mysql_num_rows($result);

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
$message = "<p style='color: red; margin-bottom: 0; font-weight: bold'>The password or username you entered was incorrect. </p>";
echo $message;
include("form_Login.inc");
exit();
}
}
}
else {
include("form_Login.inc");
}
?>
</body>
</html>

CFMaBiSmAd
09-09-2009, 10:08 PM
You can use mysqli_error($cxn) to find out with a query failed (either echo it or put it in your die(...) statement.

You are not SELECTing anything - SELECT FROM... in your query. You either need a column name, an expression, or a * after the SELECT keyword.

alexmel7
09-09-2009, 10:25 PM
Thanks, I missed that one (just needed a * after SELECT)! However, now I get the following warning:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alexmel7/public_html/login.php on line 68

Also, It echoes "The password or username you entered was incorrect." even if I enter a username and password I know are in my database.

CFMaBiSmAd
09-09-2009, 10:32 PM
You are using mysqli functions, not mysql. You would need to use the mysqli equivalent to the mysql_num_rows.

alexmel7
09-09-2009, 10:44 PM
Yep, it's just mysqli_num_rows. Thanks!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum