2007. 09. 5, szerda keltezéssel 16.31-kor Brian Welter ezt írta: > I have the following code and it doesn't behave properly but I can't find my > error. The code is designed to validate user login. When I pass in an > invalid email name to the checkLogin function it returns a result, not FALSE > as the documentation describes. I can SELECT * from the table being used and > read out all of the data so I know that the DB connection is valid and that > I can compose a valid query. I have looked and looked at this code and can > find no error, does anyone see an error here. When the check if (!$result) > fails i.e. even thought the email/password are not in the db a none zero > result is returned, the calls to mysql_fetch_assoc () return empty strings. > The only clue I may have is that when I call mysql_free_result($result) I > get a warning saying that $result is not a valid resource. I sure I'm doing > something stupid but I just can't see it. Any help would be great! > I don't know what is causing your problems but I put some comments below in your code > > > > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > > <html xmlns="http://www.w3.org/1999/xhtml";> > > <head> > > <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> > > <title>Untitled Document</title> > > </head> > > > > <body> > > <?php > > global $db; > > > > $db = mysql_connect('localhost', 'xxxx', 'xxxx', 'xxxx'); > > if (!$db) { > > die("Unable to connect to database: ". > mysql_connect_error()); > > } > > $selected = mysql_select_db("xxxx", $db) or die( "Unable to > select database"); > > if (checkLogin(sam@xxxxxxx', '1')) { > > echo "Success"; > > } else { > > echo "Failure"; > > } > > if(checkLogin('duck', '2') )) { > > echo "Success"; > > } else { > > echo "Failure"; > > } > > > > function checkLogin($e, $p) { > > $ans = 0; > > $emailcheck = $e; > > $passwdcheck = $p; > > $result = 0; > > $query = "SELECT * FROM maillist WHERE > email='$emailcheck' AND passwd='$passcheck'"; here you put $passcheck in the query which does not exist (you create $passwdcheck above). btw, why not call the parameters their real name from the start? these 3 lines: function checkLogin($e, $p) { $emailcheck = $e; $passwdcheck = $p; are the same as: function checkLogin($emailcheck, $passwdcheck) { (I see later you use the variables $e and $p in the echo statements. I suggest decide which to use and use only one - probably the longer names would be better since they inform you about the variable. Imagine if you see this code 3 years later, could you guess what is in $e? And could you guess what is in $emailcheck?) and you don't have to initialise $result to 0, because it will be initialised to the mysql_query return value 2 lines later anyway hope that helps Zoltán Németh > > $result = mysql_query($query); > > if (!$result) { > > echo "<h4>UserName is FALSE name is: > $e<h4>"; > > echo "<h4>Password is FALSE name is: > $p<h4>"; > > $ans = 0; > > } else { > > $row = mysql_fetch_assoc($result); > > $em = $row['email']; > > $pw = $row['passwd']; > > echo "<p>Accepted "; > > echo "User $em "; > > echo "Password $pw</p>"; > > $ans = 1; > > } > > return($ans); > > } //checkLogin > > mysql_free_result($result); > > mysql_close($db); > > ?> > > </body> > > </html> > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
