Trade in those commas around your $_POST['username'] for some periods.

Rich

> -----Original Message-----
> From: Aaron Todd [mailto:aaloki88@xxxxxxxxxxx]
> Sent: Monday, July 19, 2004 2:08 PM
> To: php-db@xxxxxxxxxxxxx
> Subject: Re: Begining PHP...Have Questions
>
> That makes great sense, however when I tried using $_POST in my SQL statement it would not work.
>
> This works fine:
> $query = "SELECT * FROM users WHERE email='".$username."'";
> But this one doesn't at all:
> $query = "SELECT * FROM users WHERE email='",$_POST['username'],"'";
>
> It does however work for all the echo commands and it is also correct when I echo the statement:
> echo "SELECT * FROM users WHERE email='",$_POST['username'],"'";
>
> Am I missing something?
>
> Thanks again,
>
> Aaron
>
> "Justin Patrin" <papercrane@xxxxxxxxx> wrote in message
> news:432beae04071910563e6199ed@xxxxxxxxxxxxxxxxx
> > You should generally use $_POST for all posted variables, $_GET for all "get" variables (in the query string / url), and the other superglobals for other such things. If you don't care if it's POST, GET, or a cookie, you can use $_REQUEST.
> >
> > register_globals is a setting in your php.ini. It's best practice to set this to "off". What this means for you is that variables sent by the user are not registered as global variables. i.e. $username will no longer work, you have to use $_POST['username']. Search the php lists for lots more discussion on this matter.
> >
> > For more on superglobals:
> > http://www.php.net/manual/en/language.variables.predefined.php
> > For the list archives, click the "Archive" links here:
> > http://www.php.net/mailing-lists.php
> >
> > On Mon, 19 Jul 2004 13:27:15 -0400, Aaron Todd <aaloki88@xxxxxxxxxxx> wrote:
> > > Jon,
> > >
> > > Thanks for the info. I did change the LIKE to =. This was done just for my debugging. I do have it set to = on a normal basis.
> > >
> > > I am a little unsure what you mean at the end of your reply about register globals. Are you saying that everywhere I use $username to refer to the user's inputted username I should use $_POST['username'] instead? Or are you suggesting to use this in one location?
> > >
> > > Thanks again for the reply,
> > >
> > > Aaron
> > >
> > > "Jonathan Haddad" <jon@xxxxxxxxxxxxxxxxx> wrote in message
> > > news:40FC00A8.1080402@xxxxxxxxxxxxxxxxxxxx
> > > >
> > > > if you have shell access, please do the following
> > > >
> > > > describe users;
> > > > select * from users;
> > > >
> > > > also, why are you using LIKE instead of =?
> > > > use this instead:
> > > >
> > > > $query = "SELECT * FROM users WHERE email = '".$username."'";
> > > >
> > > > i would also suggest turning off register globals and using $_POST['username'] and not $username. (i'm assuming it's on given your code)
> > > >
> > > > Jon
> > > >
> > > > Aaron Todd wrote:
> > > >
> > > > >I am just starting out with PHP and I have created a simple login program that is supposed to check the user's input with a mysql database. I am doing 5 verifications before the program is completed...Check for the Submit button, check for a valid email address (which is the username), check for a valid password, check to see if the username exists in the database, and finally check to see if the password matches the database for the corresponding username. Currently you don't get access to a site, you only get told what your password is in the database.
> > > > >
> > > > >Everything is technically working, but it's not perfect and I think I need some help. I have entered 2 records in the database for testing purposes. When I put in username1 and password1 it works. The program returns the corresponding password. When I change to username2 and still put in password1 it will return password1.
> > > > >
> > > > >I have done some debugging and I am unsure of what is really happening. My code is below. Would anyone be able to tell me what I am doing wrong?
> > > > >
> > > > >Thanks,
> > > > >
> > > > >Aaron
> > > > >
> > > > ><html>
> > > > ><body>
> > > > ><?php
> > > > >if ($submit) {
> > > > >  //VALID USERNAME/EMAIL ADDRESS
> > > > >  if (!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) {
> > > > >    $error = "You must enter a valid email address for your username.<br>";
> > > > >    echo "$error<br>";
> > > > >  } else {
> > > > >    $db = mysql_connect("localhost", "username", "password");
> > > > >    mysql_select_db("database",$db);
> > > > >    $query = "SELECT * FROM users WHERE email LIKE '".$username."'";
> > > > >    echo "$query<br>";
> > > > >    $result = mysql_query($query,$db);
> > > > >    $num_rows = mysql_num_rows($result);
> > > > >    echo "There are $num_rows records matching $username<br>";
> > > > >    //VALID PASSWORD
> > > > >    echo "Entered User Name: $username<br>";
> > > > >    echo "Entered Password: $passw<br>";
> > > > >    if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) || !preg_match('/[0-9]/', $passw)) {
> > > > >      $error = "Invalid Password. Must be greater than six characters containing at least one number.<br>";
> > > > >      echo "$error<br>";
> > > > >    } else {
> > > > >      //USERNAME/EMAIL ADDRESS IN DATABASE
> > > > >      if (!$num_rows){
> > > > >        $error = "Username was not found. Please Register.";
> > > > >        echo "$error<br>";
> > > > >        die(mysql_error());
> > > > >      } else {
> > > > >        //ENTERED PASSWORD IN DATABASE
> > > > >        if (!$passw = mysql_result($result,0,"pass")){
> > > > >          $error = "Invalid Password.<br>";
> > > > >          echo "$error<br>";
> > > > >        } else {
> > > > >          printf("Password is %s<br>\n", mysql_result($result,0,"pass"));
> > > > >        }
> > > > >      }
> > > > >    }
> > > > >  }
> > > > >} else {
> > > > >?>
> > > > ><form method="post" action="<?php echo $PHP_SELF?>">
> > > > >  User Name:<input type="Text" name="username"><br>
> > > > >  Password:<input type="Text" name="passw"><br>
> > > > >  <input type="Submit" name="submit" value="Enter information">
> > > > ></form>
> > > > ><?php
> > > > >} // end if
> > > > >?>
> > > > ></body>
> > > > ></html>
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> > --
> > DB_DataObject_FormBuilder - The database at your fingertips
> > http://pear.php.net/package/DB_DataObject_FormBuilder
> >
> > paperCrane --Justin Patrin--
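
An added example, not part of the original thread and not any poster's code: the address pattern in the quoted script accepts an apostrophe, so a legitimate address such as o'brien@example.com breaks a statement built by concatenating $_POST['username'], while a bound parameter handles it. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL server; the rows and the function names find_user_concat and find_user_bound are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite stands in for MySQL;
// table contents and function names are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (email TEXT PRIMARY KEY, pass TEXT)");
$db->exec("INSERT INTO users VALUES ('user1@example.com', 'secret1a')");
$db->exec("INSERT INTO users VALUES ('o''brien@example.com', 'secret2b')");

// The thread's approach: the value is spliced into the SQL text with ".".
// (A comma only works with echo, which accepts a list of arguments.)
function find_user_concat(PDO $db, string $email): ?array
{
    $query = "SELECT * FROM users WHERE email = '" . $email . "'";
    try {
        $row = $db->query($query)->fetch(PDO::FETCH_ASSOC);
        return $row ?: null;
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early: invalid SQL.
        error_log('query failed: ' . $e->getMessage());
        return null;
    }
}

// Bound parameter: the value is sent separately from the SQL text, so its
// characters are never parsed as SQL.
function find_user_bound(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed stand-in for a submitted form. Read the value from $_POST,
// not from a register_globals variable such as $username.
$_POST['username'] = "o'brien@example.com";
$email = $_POST['username'] ?? '';

var_dump(find_user_concat($db, $email) !== null);
var_dump(find_user_bound($db, $email) !== null);
```

The concatenated lookup reports no user for an address that exists, and the bound lookup finds it.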