On Mar 14, 2008, at 1:44 PM, TG wrote:
What error are you getting? Maybe there's some way to fix that too.
The error I get without checking the row count is this:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'order by LName' at line 1
Just remember that errors and notices are like pain. It usually means
there's something wrong. If you're getting an error, there may be a
better
way of doing waht you're doing.
Ideally, you should get zero results if there's no match in the user
database.
Typically for a user lookup, you might do something like this:
SELECT <whatever> FROM usertable WHERE username = '<username>' AND
password =
'<password>'
Which is very simular to what I have:
$loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND
loginPassword='".$password."' LIMIT 0,1;";
$loginResult = mysqli_query($link1, $loginQuery) or die("Wrong data
supplied or database error" .mysqli_error($link1));
If you get zero results, then they don't exist OR they entered the
wrong
password.
If you get more than one result, then you have a duplicate account.
If you have duplicate usernames, then you won't get multiple matches
unless
the passwords are also duplicated.
Say, for example, you have a duplicated username but different
passwords:
user: me
pass: pass1
user: me
pass: pass2
Then login will succeed if they use me/pass1 OR me/pass2 but each
way,
you'll still only get one result from your db query.
btw.. before someone rails me for not mentioning security...
typically you'd
store the passwords encrypted or hashed (one-way md5 or something)
then you
encrypt or hash the password the same when the user is logging in and
compare them to the DB. That way, you don't store the password in
plaintext and you can still check to see if the right password is
entered.
Which I have complete with some $salt added :)
example:
user: me
pass: pass1
md5(pass1): laksro2i3 (fake md5.. lazy :)
user logs in with:
user: me
pass: pass1
system runs md5(pass1) and gets laksro2i3 again. it matches what's
in the
DB, so therefore is the correct password.
Anyway.. main point is.. if you're getting errors, try to fix
them. If
you're getting multiple results on your user check, you may have bad
input/uniqueness checking or you may be implementing your user
system not
as logically as you could.
It was the error, rather then multiple accounts that I'm checking for.
I'm not advanced enough in my programming ability to implement a true
multi user envriomnent where user1/pass1 is different from user1/
pass2 :)
-TG
----- Original Message -----
From: Jason Pruim <japruim@xxxxxxxxxx>
To: "TG" <tg-php@xxxxxxxxxxxxxxxxxxxxxx>
Cc: "PHP General List" <php-general@xxxxxxxxxxxxx>
Date: Fri, 14 Mar 2008 13:00:11 -0400
On Mar 14, 2008, at 12:51 PM, TG wrote:
The username's will be unique... Still need to make that change to
the
DB but they will be.
The main reason I'm doing it this way, is if I don't put in some kind
of a check on the authentication then it pops up a mysql error saying
that there is a problem with my syntax... instead of NOT logging
them
in... So I thought if I checked to make sure that the query only
returned 1 row, it would match up and I could do some error checking
based on that...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
