Jump to content

where clause error... ideas?...


rootKID

Recommended Posts

ok, just quick... im getting this when trying to login: Unknown column 'e5035533a816cac4c54012281f58543d' in 'where clause' and this is my takelogin.php file:

/*==========RUN LOGIN PROCEDURE===============*/$uname = sqlesc($_POST['username']); /*Form Names...*/$pass = sqlesc($_POST['password']); /*Form Names...*/if(isset($pass)){$passhash = md_5($pass); /*Securing The Data...*/}$query = "SELECT * FROM users WHERE username = $uname AND passhash = $passhash AND enabled = 'yes' AND status = 'confirmed'";$query_result = mysql_query($query)or die(mysql_error());//Running query to the DB...if(mysql_num_rows($query_result) == 1)/*if the DB returns somfthing, then run...*/{$row = mysql_fetch_array($query_result);$_SESSION['uid'] = $row['u_id'];$_SESSION['username'] = $row['username'];$_SESSION['pass'] = $row['passhash'];$_SESSION['status'] = $row['status'];$_SESSION['enabled'] = $row['enabled'];$_SESSION['email'] = $row['email'];$_SESSION['ip'] = $row['ip'];$_SESSION['class'] = $row['class'];$_SESSION['time_offset'] = $row['time_offset'];$_SESSION['dst_in_use'] = $row['dst_in_use'];$_SESSION['auto_correct_dst'] = $row['auto_correct_dst'];header('Refresh: 3; url=index.php');//with time delay...}else/*Error messeage...*/{$HTMLOUT .= "<center>Error reading login-session coding base, or a wrong username/pass inserted...</center>";header('Refresh: 3; url=index.php');//with time delay...}/*==========RUN LOGIN PROCEDURE===============*/

any ideas? Oo...

Edited by rootKID
Link to comment
Share on other sites

looks like you are using $passhash in place of column name. though your code looks ok. you can dump the query to see how does it look. also you need to quote around $passhash as it is string

Link to comment
Share on other sites

well, the quotes helped alot... now its going into the page at least and loading, but im getting this error: (Error reading login-session coding base, or a wrong username/pass inserted...)..) and i have checked the database... it should be just fine... no ideas why its giving me that error... i have used session_start and ob_start on each and one file that was needed... so it should be giving me at least a session running for the sessions im trying to get out...

Edited by rootKID
Link to comment
Share on other sites

ohh... s-h-i-t...just realized that i checked the wrong database, and when i chose the right one, the users was empty... oops... anyways, i have now rechecked, and still doing the same thing, i just dont get it...the code is looking just fine in my eyes...

Edited by rootKID
Link to comment
Share on other sites

anyways, i have now rechecked, and still doing the same thing, i just dont get it...
I don't understand what the confusion is. If the error message in the else block is showing, then the if statement is false. That means the database did not return any records. That means the query did not match any records. There's nothing mysterious about it, that's all there is to it. Apparently the data you're putting into the query does not match the data in the database.
Link to comment
Share on other sites

is your password column actually called passhash?
yeah, why?... and yes jsg... i understand that part hehe :P, but what i dont understand is that the password (Should) be the same since im taking the passhash variable and making a MD5 on it before checking with the query... so it should be a match... Edited by rootKID
Link to comment
Share on other sites

shouldn the variables in the query be in single quotes.....?

$query = "SELECT * FROM users WHERE username = $uname AND passhash = $passhash AND enabled = 'yes' AND status = 'confirmed'";

im just a n00b but shooting any way.....:s

Link to comment
Share on other sites

yeah, why?... and yes jsg... i understand that part hehe :P, but what i dont understand is that the password (Should) be the same since im taking the passhash variable and making a MD5 on it before checking with the query... so it should be a match...
tbat's a lot of should's. what debugging/logging have you done to actually confirm what is happening though? echo'd the query? echo'd the md5 hash? visually compared that to what's in the database? don't guess, debug.
Link to comment
Share on other sites

well... i have done as you said, even tho i did do it last night, but anyhow. i tested with these in the code:

$HTMLOUT .= "Username = " . $uname . "<br />";$HTMLOUT .= "pass = " . $pass . "<br />";$HTMLOUT .= "MD5 pass = " . $passhash . "<br />";$HTMLOUT .= $query_result . "<br />";

just for seeing if i got lucky, and i did not.i compared like you said with the user(s) in the Database... still nothing... Screen of what is happening: ATTACHED... so i know you were saying that you dont wonna hear me say it, but im saying anyhow. it (should) work as i see this...any idea, im a little bit lost Oo...

Link to comment
Share on other sites

you should check the value which you are using to compare in if statement. have you checked how many rows it is printing? You can also copy paste the query in phpmyadmin to see the results instantly.

Link to comment
Share on other sites

im getting this error in phpmyadmin Unknown column 'Hyperion' in 'where clause' if im using this sql SELECT * FROM users WHERE username = 'Hyperion' AND passhash = 'e5035533a816cac4c54012281f58543d' AND enabled = 'yes' AND status = 'confirmed' ???

Link to comment
Share on other sites

  • 2 weeks later...

sorry for late reply all..i have finded a solution on everything! :)...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...