Inserting in Databases

[morrisjohnny]

i though i would jsut ask here as it is almost relavent to the topic thread.I'm having problems check when users try to log in.I'm using post okay for form transferwhen the user enters their details username is what the input type is(for their username)butt is for password (the users input password on the log-in page)pazzword is the database storage for users passwords while login is where the usersname are store in a table called users under the database mtThis has been solved I now have have another problem 8above here*Heres the code which is causing the error:

mysql_select_db("mt",$con);$sql="INSERT INTO users (ID, login, pazzword, mail, dosh) VALUES(",'$_POST[username]','$_POST[######]''$_POST[email]''1000000')";if (!mysql_query($sql,$con))	{	die('Error: ' . mysql_error());	}

I get the error message Parse error:parse errpr, unxpected ',' In [drectory] on line 12line 12 is (",'$_POST[username]','$_POST[######]''$_POST''1000000')";the bit in red is causeing the error but is that not how to input the ID if the ID is auto_increment?please help i would be very greatful. Thanks-Johnny

[justsomeguy]

To use an automatic value, like auto-increment or a default, just leave out the column.

$sql="INSERT INTO users (login, pazzword, mail, dosh) VALUES('$_POST[username]', '$_POST[######]', '$_POST[email]', '1000000')";

Also, if you want to enter an empty string, you use two single quotes, not one double quote. You also missed a couple other commas, look at my version vs. yours.

[morrisjohnny]

To use an automatic value, like auto-increment or a default, just leave out the column.

$sql="INSERT INTO users (login, pazzword, mail, dosh) VALUES('$_POST[username]', '$_POST[######]', '$_POST[email]', '1000000')";

Also, if you want to enter an empty string, you use two single quotes, not one double quote. You also missed a couple other commas, look at my version vs. yours.

Cheers, works Like a charm

[morrisjohnny]

i though i would jsut ask here as it is almost relavent to the topic thread.I'm having problems check when users try to log in.I'm using post okay for form transferwhen the user enters their details username is what the input type is(for their username)butt is for password (the users input password on the log-in page)pazzword is the database storage for users passwords while login is where the usersname are store in a table called users under the database mt

[justsomeguy]

I'm having problems understanding you, apparently butt is for password? What's the question?

[morrisjohnny]

I'm having problems understanding you, apparently butt is for password? What's the question?

basicly i 'm not sure how to compare to variables like the username and password the user put in the input boxes and the onces already in the database.I have no idea how to do this I would be even more greatful if you would help/tell me understand this.

[justsomeguy]

You need to use a select statement to get users matching whatever they enter, and then determine how many users you found. If you found 0, the login failed. Also, to help avoid a SQL attack, you will want to escape all of the input in your insert query:

$sql="INSERT INTO users (login, pazzword, mail, dosh) VALUES('" . mysql_real_escape_string($_POST['username']) . "', '" . mysql_real_escape_string($_POST['######']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '1000000')";

Then, assuming that the user they entered is in a variable called $username, and the password is in $password, you would check if they are valid like this:

$sql = "SELECT login FROM users WHERE login='" . mysql_real_escape_string($username) . "' AND pazzword='" . mysql_real_escape_string($password) . "'";$result = mysql_query($sql);if (mysql_num_rows($result) == 0)  //login failedelse  //login succeeded

[morrisjohnny]

Thank you Justsomeguy you really are helpful.Offtopic but how did u learn all of this did u start when you was young? and just learn over time?self-taught i'm gussing?

[justsomeguy]

Programming in general I learned in college, I have a degree in computer science. PHP specifically I learned by myself, but I'm still using most of the concepts I learned in school. Specific techniques I just learned by needing to do them at some point.