/    Sign up×
Community /Pin to ProfileBookmark

Checking query

Copy linkTweet thisAlerts:
Aug 06.2005

Hi, I’m putting the finishing touches on a login script, which searches for the given username in the mysql database, and checks if the password matches. If the password matches it redirects to the members area, otherwise it redirects back to the login page.

However, if the username is not a correct username, it prints out an error instead of redirecting to the loginpage again. How can I stop it producing an error if it can’t find the username in the database?

This is part of the login script’s source:

[code=php]
$server=mysql_connect($host,$user,$pass);
mysql_select_db($db_name);

$usernamea=$_POST[‘username’];
$passworda=$_POST[‘password’];

$query=”SELECT password FROM users WHERE username=”$usernamea””;
$result=mysql_query($query);

if($result)
{
$result=mysql_result($result,0);

if($result==$passworda)
{
$query=”UPDATE users SET online=’true'”;
mysql_query($query);
redirectPage(“http://www.google.com”);
}
else
{
redirectPage(“loginpage.php?redir=2”);
}
}
else
{
redirectPage(“loginpage.php?redir=1”);
}
[/code]

to post a comment
PHP

6 Comments(s)

Copy linkTweet thisAlerts:
@agent_x91authorAug 06.2005 — I think I may have just found the answer in another thread. I read that '@' suppresses error reporting - does that mean if I change it to

[code=php]
$result=@mysql_result(mysql_query($query),0)
[/code]

...it will stop the error reporting and just redirect as planned?
Copy linkTweet thisAlerts:
@NogDogAug 06.2005 — I think I may have just found the answer in another thread. I read that '@' suppresses error reporting - does that mean if I change it to

[code=php]
$result=@mysql_result(mysql_query($query),0)
[/code]

...it will stop the error reporting and just redirect as planned?[/QUOTE]
Possibly, but if the error is important, do you want it to?

Here's a quick re-write that may help clear some things up and catch any nastiness before it gets too far along in the script. I wrapped all my comments and a question in "# >>> comment <<<".
[code=php]
<?php
$server=mysql_connect($host,$user,$pass) or
die("Unable to connect to database server"); # >>> just in case <<<
mysql_select_db($db_name) or
die("Unable to connect to database: " . mysql_error()); # >>> ditto <<<
# >>> make sure we got some data in both fields <<<
if(!empty($_POST['username']) and !empty($_POST['password']))
{
$usernamea=$_POST['username'];
$passworda=$_POST['password'];
# >>> note, password is reserved MySQL function name, so back-quote
# the column named password. In fact, just always back-quote column
# and table names, just in case. Also, you can check for username and
# password match all in one step <<<
$query="SELECT * FROM users WHERE username='$usernamea' AND password='$passworda'";
$result=mysql_query($query);
# >>> make sure query worked and we got exactly one match <<<
if($result and mysql_num_rows($result) == 1)
{
# >>> added WHERE clause so we only update this user <<<
$query="UPDATE users SET online='true' WHERE username='$usernamea'";
mysql_query($query); # >>> what happens if this fails? Does it ever get unset? <<<
redirectPage("http://www.google.com");
}
else
{
redirectPage("loginpage.php?redir=2");
}
}
else
{
redirectPage("loginpage.php?redir=1");
}
?>
[/code]
Copy linkTweet thisAlerts:
@agent_x91authorAug 06.2005 — Possibly, but if the error is important, do you want it to?
[/QUOTE]

Well, it seems to work when I use '@' to turn off the error reporting on that statement. The error I'm blocking isn't important, it just didn't like the fact that it couldn't find a row with username set to the invalid username given. When that's blocked, it instead redirects it back to the loginpage and states that it was an incorrect username.

Thanks for the script NogDog, but since mine seems to work now I'll stick to mine. I did however notice that you changed the query which changes whether the user is set to online or offline, which I overlooked. I made that change. I assume that the query I was using before set [B]everyone[/B] to online, which was not what I wanted.
Copy linkTweet thisAlerts:
@pointfiftyaeAug 06.2005 — Is it better to use a database or sessions for a login/logout system ?
Copy linkTweet thisAlerts:
@agent_x91authorAug 06.2005 — I'm probably going to be using a combination of a database and sessions.
Copy linkTweet thisAlerts:
@pointfiftyaeAug 06.2005 — Sorry, I wasn't clear enough...

Is it ok to use a database for the status of the user (logged in/logged out) ? Aren't sessions made for things like that ?
×

Success!

Help @agent_x91 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.17,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...