Login Problem

[Matar]

hi all i make a login script but i have a problemwhen i login with my user and password the script show me invalid login but my login info is corret !!!!this is the code ****<?phpif(!isset($user)||!isset($pass)){echo "error1";}elseif(empty($user)||empty($pass)){echo "error2";}else{$user = ($_POST['user']);$pass = ($_POST['pass']);$con = mysql_connect("localhost");mysql_select_db("log", $con);$sql = mysql_query("select * from info where username = '$user' AND password = '$pass'",$con);$row = mysql_num_rows($sql);if($row > 0){ while($row = mysql_fetch_array($sql)){ session_start(); session_register('user'); echo "welecom $user <br />";} } else{ echo "Incorrect Login";}}?>

[Executer]

You are not using mysql_connect function correctly!And 1 more question: Why'd you put $_POST in (..), only if you were using any kind of security it should go like:htmlspecialchars($_POST['username']);You don't need the (..) in there.

[Matar]

hi this script is simple example ... i don't care about mysql_connect parmeterbecause i work on local host The problem is when i using where cluse when i edit select statement to "select * from info " it is work , but when i using where the script work as empty table although i fill it with users data .

[Executer]

but you must to work with mysql_connect(); correctly:

mysql_connect("localhost", "root", "");

[Little Goat]

you must supply a username and password to connect to the MySQL server. You should have been asked for these when you set up the server.and $user = ($_POST['user']); should be $user = $_POST['user']; without the parentheses.and one more thing. do you even have your login info in the DB? make sure you do.

[Executer]

He uses localhost, I guess his username is 'root' and he doesn't have any password.

[Little Goat]

yeah, that is the default. If you change it during the installation, you need to put that in.

[Matar]

hi all thank you for replay i make all thing you said and the problem is still the code ***<?phpif(!isset($user)||!isset($pass)){echo "error1";}elseif(empty($user)||empty($pass)){echo "error2";}else{$user = $_POST['user'];$pass = $_POST['pass'];$con = mysql_connect("localhost","root","");mysql_select_db("log", $con);$sql = mysql_query("select * from info where username = '$user' AND password = '$pass'",$con);$row = mysql_num_rows($sql);if($row > 0){ while($row = mysql_fetch_array($sql)){ session_start(); session_register('user'); echo "welecom $user <br />";} } else{ echo "Incorrect Login";}}?>****can any one copy and paste this script and try it db name is logtable name is info the field in the database username char(20)password char(20) ******i was try this code without "where" and its work like this select * from info but when is user select * from info where user = '$user' and password = '$pass' not work **** thank u all matar

[mandaksk]

You are checking the $user and $pass without assigning any values to them in condition 1, and 2. Put these lines before and outside the conditions.<?php$user = $_POST['user'];$pass = $_POST['pass'];if(!isset($user)||!isset($pass)){echo "error1";.....?>

[justsomeguy]

Add these lines at the top:ini_set("display_errors", 1);error_reporting(E_ALL);And change this:$con = mysql_connect("localhost","root","");mysql_select_db("log", $con);$sql = mysql_query("select * from info where username = '$user' AND password = '$pass'",$con);to this:$con = mysql_connect("localhost","root","") or echo mysql_error();mysql_select_db("log", $con) or echo mysql_error();$sql = mysql_query("select * from info where username = '$user' AND password = '$pass'",$con) or echo mysql_error();