SELECT issue

[paulbradley]

I am making a login function where a user enters a username and password. This is looked up and then a result is displayed if they have the password correct. I have the following code:

query = "SELECT password FROM users WHERE username = $username";
$result = mysql_query($query);

if ($result == $password) {
echo "your signed in";
}
else
{
echo "oops! wrong password";
}

But it always outputs that the password was wrong when I know it was right - any ideas? Thanks in advance.

 

[paulbradley]

PS the query word in line 1 does have a '$' before it! Just didn't copy.

 

[TonyGroves]

Is this PHP?

I'm not a PHP user, but as far as I know, the mysql_query function returns a result code indicating success or failure, but the result set must be accessed using mysql_fetch_array().

 

[guestgulkan]

MySQL passwords are stored in encrypted form.

 

[r937]

unless username is a numeric datatype, you'll want to put single quotes around $username

rudy | r937.com | Ask the Expert | Premium SQL Articles
SQL for Database-Driven Web Sites (next course starts March 6 2005)

 

[ericbrunson]

And the simplest test for bad sql? Print it out and paste it into the mysql shell!

 

[felix1the2cat]

Hi Guys.. I am trying to run this query with SQLyog with MYSQL. SQLyog is a GUI for Mysql connection. You can run SQL command inside the GUI.

I would like to select all information insert into the database from 1/1/2005 till now.

A friend of mine ask me to try..

select * from `testingTable`.`customers` where date_cr > to_date('20050101'YYYYMMDD')

But the command didn't work. Can someone tell me the correct format for this???

Thanks

Felix

 

[TonyGroves]

You should re-post that as a new thread. We wouldn't want to divert attention from the original problem, would we?

 

[paulbradley]

I've put '' around the $username variable so my code now looks like this:

$result = mysql_query("SELECT password FROM users WHERE username = '$username'");

if ($result == $password) {
echo "your signed in";
}
else
{
echo "oops! wrong password";
}

but still always returning that the password is incorrect. Any more ideas? thanks

 

[ericbrunson]

Read TonyGroves first post and try to understand it.

 

[pgferro]

If you want to stick at all cost with mysql_query :

$result = mysql_query("SELECT * FROM users WHERE username = '$username' AND password='$password'");

if ($result) {
echo "your signed in";
}
else
{
echo "oops! wrong password";
}

Of course you should validate the username and password against sql injection before performing this query.

By the way, this thread should have been moved to PHP
--
PG

 

[r937]

agreed (except for the syntax error in the sql)

rudy | r937.com | Ask the Expert | Premium SQL Articles
SQL for Database-Driven Web Sites (next course starts March 6 2005)