morrisjohnny Posted April 4, 2007 Share Posted April 4, 2007 i though i would jsut ask here as it is almost relavent to the topic thread.I'm having problems check when users try to log in.I'm using post okay for form transferwhen the user enters their details username is what the input type is(for their username)butt is for password (the users input password on the log-in page)pazzword is the database storage for users passwords while login is where the usersname are store in a table called users under the database mtThis has been solved I now have have another problem 8above here*Heres the code which is causing the error: mysql_select_db("mt",$con);$sql="INSERT INTO users (ID, login, pazzword, mail, dosh) VALUES(",'$_POST[username]','$_POST[######]''$_POST[email]''1000000')";if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } I get the error message Parse error:parse errpr, unxpected ',' In [drectory] on line 12line 12 is (",'$_POST[username]','$_POST[######]''$_POST''1000000')";the bit in red is causeing the error but is that not how to input the ID if the ID is auto_increment?please help i would be very greatful. Thanks-Johnny Link to comment Share on other sites More sharing options...
justsomeguy Posted April 4, 2007 Share Posted April 4, 2007 To use an automatic value, like auto-increment or a default, just leave out the column. $sql="INSERT INTO users (login, pazzword, mail, dosh) VALUES('$_POST[username]', '$_POST[######]', '$_POST[email]', '1000000')"; Also, if you want to enter an empty string, you use two single quotes, not one double quote. You also missed a couple other commas, look at my version vs. yours. Link to comment Share on other sites More sharing options...
morrisjohnny Posted April 4, 2007 Author Share Posted April 4, 2007 To use an automatic value, like auto-increment or a default, just leave out the column.$sql="INSERT INTO users (login, pazzword, mail, dosh) VALUES('$_POST[username]', '$_POST[######]', '$_POST[email]', '1000000')"; Also, if you want to enter an empty string, you use two single quotes, not one double quote. You also missed a couple other commas, look at my version vs. yours. Cheers, works Like a charm Link to comment Share on other sites More sharing options...
morrisjohnny Posted April 4, 2007 Author Share Posted April 4, 2007 i though i would jsut ask here as it is almost relavent to the topic thread.I'm having problems check when users try to log in.I'm using post okay for form transferwhen the user enters their details username is what the input type is(for their username)butt is for password (the users input password on the log-in page)pazzword is the database storage for users passwords while login is where the usersname are store in a table called users under the database mt Link to comment Share on other sites More sharing options...
justsomeguy Posted April 4, 2007 Share Posted April 4, 2007 I'm having problems understanding you, apparently butt is for password? What's the question? Link to comment Share on other sites More sharing options...
morrisjohnny Posted April 4, 2007 Author Share Posted April 4, 2007 I'm having problems understanding you, apparently butt is for password? What's the question?basicly i 'm not sure how to compare to variables like the username and password the user put in the input boxes and the onces already in the database.I have no idea how to do this I would be even more greatful if you would help/tell me understand this. Link to comment Share on other sites More sharing options...
justsomeguy Posted April 5, 2007 Share Posted April 5, 2007 You need to use a select statement to get users matching whatever they enter, and then determine how many users you found. If you found 0, the login failed. Also, to help avoid a SQL attack, you will want to escape all of the input in your insert query: $sql="INSERT INTO users (login, pazzword, mail, dosh) VALUES('" . mysql_real_escape_string($_POST['username']) . "', '" . mysql_real_escape_string($_POST['######']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '1000000')"; Then, assuming that the user they entered is in a variable called $username, and the password is in $password, you would check if they are valid like this: $sql = "SELECT login FROM users WHERE login='" . mysql_real_escape_string($username) . "' AND pazzword='" . mysql_real_escape_string($password) . "'";$result = mysql_query($sql);if (mysql_num_rows($result) == 0) //login failedelse //login succeeded Link to comment Share on other sites More sharing options...
morrisjohnny Posted April 6, 2007 Author Share Posted April 6, 2007 Thank you Justsomeguy you really are helpful.Offtopic but how did u learn all of this did u start when you was young? and just learn over time?self-taught i'm gussing? Link to comment Share on other sites More sharing options...
justsomeguy Posted April 9, 2007 Share Posted April 9, 2007 Programming in general I learned in college, I have a degree in computer science. PHP specifically I learned by myself, but I'm still using most of the concepts I learned in school. Specific techniques I just learned by needing to do them at some point. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now