
Thread: What's wrong with this code

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    May 2004
    Location
    Quetta-Pakistan
    Posts
    852

    What's wrong with this code

    Hi,
    I am very new to PHP and MySQL, and I am unable to show the list of users in my database. Please check this code.
    Code:
    <?php 
    
        $username=htmlspecialchars($_POST['txtUser']);
        $password=htmlspecialchars($_POST['txtPass']);
     
        echo "My User Name : " . $username . "<br/>";
        echo "My password  : " . $password;
        echo "<hr>";
    //    echo "User Name : " . htmlspecialchars($_POST['txtUser']);
    
        $host = "localhost";
        $user = "root";
        $pass = "";
        $dbname = "inve";
        
        echo "<br/>";
        
        $Conn = mysql_connect($host,$user,$pass)  
        or die("Unable to connect to MySQL");
        
        $selectdb = mysql_select_db($dbname,$Conn);
        
        $sql = "Select UName, UPass from Users where UName = '$username' AND uPass='$password'";
        echo $sql;
        echo "<br>";
        
        $result=mysql_query($sql);
        $row=mysql_fetch_array($result);
        $count=mysql_num_rows($result);
        
        echo $count;
        echo "<br>";
        
        if ($count >= 1) {
        session_start();
            echo "My User Name : " . $username . "<br/>";
            echo "My password  : " . $password;
        } else {
            echo "Invalid User";
        }
        
      echo "<br/>" . "<br>";
      
       
        while($row = mysql_fetch_array($result)) {
          echo $row['UName'] . " " . $row['UPass'] . " " . $row['Uid'];
          echo "<br>";
        }
    ?>
    Last edited by hafizfarooq; May 9th, 2014 at 12:24 AM.

  2. #2
    PowerPoster Evil_Giraffe's Avatar
    Join Date
    Aug 2002
    Location
    Suffolk, UK
    Posts
    2,555

    Re: What's wrong with this code

    First of all you execute a SELECT query that is expected to only return a single row.
    You get the first row into an array, and do the session stuff.

    You then try and output the remaining rows. Clearly, with a maximum of one row expected to be returned, this is not going to do anything.

    Did you mean to run a second query to retrieve all users?

    On a more general note, there are several bigger picture problems with the code.
    - Separation of concerns! Mixing HTML output and application logic all together in a slush like that is asking for trouble.
    - The mysql_ functions are part of a deprecated library; it is recommended to use either the MySQLi or the PDO libraries.
    - The password shouldn't be stored in the database in such a way that you can retrieve it. It should be salted and hashed in a secure manner. Please don't try and roll your own security!
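
The points raised in the reply above (PDO instead of the mysql_ functions, a salted hash instead of a retrievable password, a separate query for the user list, and output kept apart from logic) as an added example that is not code from either poster. It assumes an in-memory SQLite database through PDO in place of the MySQL `inve` database; the `UHash` column, the function names and the sample accounts are constructed for the demo.

```php
<?php
// Added example, not the thread's code. Assumptions: in-memory SQLite via PDO
// stands in for the MySQL "inve" database (for MySQL the DSN would look like
// "mysql:host=localhost;dbname=inve"); the UHash column, function names and
// sample accounts are constructed for the demo.
declare(strict_types=1);

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (Uid INTEGER PRIMARY KEY, UName TEXT UNIQUE, UHash TEXT)');
    return $db;
}

function addUser(PDO $db, string $name, string $password): void {
    // password_hash() generates a random salt and embeds it in the hash string.
    $stmt = $db->prepare('INSERT INTO Users (UName, UHash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $db, string $name, string $password): bool {
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT UHash FROM Users WHERE UName = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();            // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

function listUsers(PDO $db): array {
    // A second query for the listing; the login query returns at most one row.
    return $db->query('SELECT Uid, UName FROM Users ORDER BY Uid')->fetchAll(PDO::FETCH_ASSOC);
}

// --- logic above, output below ---
$db = openDb();
addUser($db, 'alice', 'correct horse');      // constructed sample accounts
addUser($db, "o'brien", 'battery staple');   // the quote in the name is stored as plain data

var_dump(checkLogin($db, "o'brien", 'battery staple'));
var_dump(checkLogin($db, 'alice', 'wrong password'));

foreach (listUsers($db) as $row) {
    // Escape when writing HTML, not before the value goes to the database.
    echo htmlspecialchars((string)$row['Uid'] . ' ' . $row['UName'], ENT_QUOTES), "<br>\n";
}
```

The listing never selects the hash column, so nothing password-related reaches the page.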
