Menu
Community /Pin to ProfileBookmark
@NogDogAug 02.2005 — #"password" is a reserved work in MySQL. It's always best to
(It was also missing the final single quote after $pass.)@NogDogAug 03.2005 — #
It's not the form field name that's the problem, it's the database column name. Since "password" is a MySQL function name, when specifying a column with the same name you must quote it with "backwards quote" characters so that MySQL knows it's an identifier and not a function name.
The safe way to write your SQL is to enclose [b][i]all[/i][/b] column names and table names in backward quotes (sometimes called back-ticks), as in the example I provided above.
login script problem pls HELP
hello everyone
i seem to be having some problems with my login page, not sure why i keep getting the error which is listed below… i have done echo statements so i know it connects to the database however i guess what am confused about is the start of the validate.php where the line of code $pass =sha1($_POST[“password”]); and thats why i think when it does the query it doesnt work i.e. cant find the matching password.
here is my error i get and i have attached a copy of the code… any help appreciated.
error from the browser
connects to the databseruns query
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in C:webrootvaporatevalidate.php on line 20
access denied: Invalid credentitals.
this code is from login.php
<form name=”form1″ method=”post” action=”validate.php”>
<table width=”200″ border=”1″>
<tr>
<td>trade id:</td>
<td>
<input name=”userid” type=”text” id=”userid”> </td>
</tr>
<tr>
<td>password:</td>
<td><input name=”password” type=”password” id=”password”></td>
</tr>
</table>
<p>
<input name=”login_btn” type=”submit” id=”login_btn” value=”login”>
</p>
</form>
validate.php
<?
/* get the incomming ID and password hash */
$user = $_POST[“userid”];
$pass = sha1($_POST[“password”]);
/* establish a connection with the database */
$server = mysql_connect(“localhost”, “root”, “”);
if (!server) die(mysql_error());
mysql_select_db(“trade”); echo “connects to the databse”;
/*SQL statement to query the databse*/
$query = “SELECT * FROM users WHERE user = ‘$user’ AND password = ‘pass;”;
echo”runs query”;
/*query the database */
$result = mysql_query($query);
/*allow access if a matching record was found, else deny access */
if(mysql_fetch_row($result))
echo “access granted: welcome, $user!”;
else
echo “access denied: Invalid credentitals.”;
mysql_close($server);
?>
error from the browser
connects to the databseruns query
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in C:webrootvaporatevalidate.php on line 20
access denied: Invalid credentitals.
my error why am i getting this i have setup my database with phpmyadmin,i inserted my own values maybe thats the mistake i’ve taken as i’m not sure whats happening with sha1(password)
Sign in
to post a comment6 Comments(s) ↴
0
@NogDogAug 02.2005 — #"password" is a reserved work in MySQL. It's always best to quote[code=php]
$query = "SELECT * FROM users WHERE user = '$user' AND password = '$pass'";
[/code](It was also missing the final single quote after $pass.)
0
@NogDogAug 03.2005 — #so i shoudl probably change the textfield in the html from password to say pass_input or something along that lines?[/QUOTE]
It's not the form field name that's the problem, it's the database column name. Since "password" is a MySQL function name, when specifying a column with the same name you must quote it with "backwards quote" characters so that MySQL knows it's an identifier and not a function name.
The safe way to write your SQL is to enclose [b][i]all[/i][/b] column names and table names in backward quotes (sometimes called back-ticks), as in the example I provided above.