<?php
$user="";
$pass="";
$database="phpdb";

$username=$_POST['username'];
$password=$_POST['password'];

mysql_connect('localhost',$user,$pass);
@mysql_select_db($database) or die ("error selecting DB");

if($username == "admin")
{
if($password == "test")
{
echo "Admin Login";
}
else
{
echo "Error Incorrect Admin Password";
}
}
else
{

$query="SELECT password FROM clients WHERE username='$username'";
$result=mysql_query($query) or die (mysql_error());

if ($result==$password)
{
echo "Welcome";
}
else
{
echo "Error";
}
}
mysql_close();
?>

this doesnt work, it works if the admin logs in i think its the way i am handling the $result could any help me fix it up?

thank you

The problem is caused on this line:

if ($result==$password)

After calling mysql_query() and assigning the result to $result; $result is known as a resource. The resource in this case is a pointer to the mysql recordset. Similar to VB you need to move through the record set to obtain the results.

In PHP/MySql you use the mysql_fetch_* functions.

mysql_fetch_row() gets one row from the result set, places it in an indexed array and moves the result pointer to the next row.

mysql_fetch_assoc() gets one row from the result set, places it in an associative array (i.e: each array index is the name of a column in the result set) and moves the result pointer to the next row.

mysql_fetch_array() does exactly the same as the above two functions but combines both the index based array and the associative array into one.

The following code demonstrates each function. On the following table:

+----------+----------+
| UserName | Password
| user1 | 1
| user2 | 2
| user3 | 3



$query = 'SELECT UserName,Password FROM users;';

$result = mysql_query ($query);

print_r(mysql_fetch_row($result));
print_r(mysql_fetch_assoc($result));
print_r(mysql_fetch_array($result));


Output:

Array
(
[0] => user1
[1] => 1
)

Array
(
[UserName] => user2
[Password] => 2
)

Array
(
[0] => user3
[1] => 3
[UserName] => user3
[Password] => 3
)

So to correct your code all you need to do is something like this:

$query="SELECT password FROM clients WHERE username='$username'";
$result=mysql_query($query) or die (mysql_error());

if (mysql_num_rows($result) == 0) {
echo('Invalid User');
} else if (($row = mysql_fetch_assoc($result)) && ($row['password']==$password)) {
echo('Welcome');
} else {
echo('Error: Bad password');
}

thats quite helpfull :)

1 thing tho, when i run the code



Warning: Wrong parameter count for mysql_fetch_assoc() in E:\Abyss Web Server\htdocs\logintest.php on line 31
Error: Bad password



and that line is...



} else if ($row = mysql_fetch_assoc() && $row['password']==$password) {

any ideas?

Originally posted by Pino
any ideas?
I gave you buggy code. It should be:

$row = mysql_fetch_assoc($result);

:rolleyes: Sorry :blush:

Originally posted by visualAd
I gave you buggy code. It should be:

$row = mysql_fetch_assoc($result);

:rolleyes: Sorry :blush:

HEHEH it happens to the best of us ;) thanks for your help so far, no doubt i'll be back soon lol :)

thank you though

ok



if (mysql_num_rows($result) == 0) {
echo('Invalid User');

} else if ($row = mysql_fetch_assoc($result) && $row['password']==$password) {
echo('Welcome');
}
else
{
echo('Error: Bad password');
}



ok its saying that $row is and undefined varible, do i need to encase it in inverted commas?

My apologies for the sloppy coding. The way PHP evalutes the expressions is as if it were writtten like this:

if($row = (mysql_fetch_assoc($result) && $row['password']==$password))

Changing it to this. Will force the assignment to be made first:

if(($row = mysql_fetch_assoc($result)) && ($row['password']==$password))

hmm...

ok the error has gone now, but it still says bad password, and i have looked and checked to make sure i am typing the right username and password....



<?php
$user="";
$pass="";
$database="phpdb";

$username=$_POST['username'];
$password=$_POST['password'];

mysql_connect('localhost',$user,$pass);
@mysql_select_db($database) or die ("error selecting DB");

if($username == "admin")
{
if($password == "test")
{
echo "Admin Login";
}
else
{
echo "Error Incorrect Admin Password";
}
}
else
{

$query="SELECT password FROM clients WHERE username='$username'";
$result=mysql_query($query) or die (mysql_error());

$row = mysql_fetch_assoc($result);

if (mysql_num_rows($result) == 0) {
echo('Invalid User');
} else if(($row = mysql_fetch_assoc($result)) && ($row['password']==$password)) {
echo('Welcome');
} else {
echo('Error: Bad password');
}


}
mysql_close();
?>

Why have you got a call to mysql_fetch_assoc() twice? You don't need the first one. If you leave that there thin it will take the first row and then it will be at the en of the result set.

doh!

i was trying some stuff out before and forgot to remove that :-/

ok were all fixed up now! While i remmber, can you send someone to another page wth php?

or should i just do it with jSCRIPT?

Originally posted by Pino
doh!

i was trying some stuff out before and forgot to remove that :-/

ok were all fixed up now! While i remmber, can you send someone to another page wth php?

or should i just do it with jSCRIPT?
You can send a location header.

header('Location: url');