astralaaron Posted May 17, 2007 Share Posted May 17, 2007 $log = mysql_query("UPDATE members SET log = log + 1 WHERE user = '$user' AND password = '$pw' ");if(!$log){die('error: ' mysql_error());}the code does not die but the log field does not get +1log is the name of the field in my database that I need to set to 1.. i triedSET log = 1 how can I do that? whats wrong with my syntax? Link to comment Share on other sites More sharing options...
justsomeguy Posted May 17, 2007 Share Posted May 17, 2007 The syntax is fine, are you sure the where clause matches? Try the query on the db server. Link to comment Share on other sites More sharing options...
astralaaron Posted May 17, 2007 Author Share Posted May 17, 2007 i just did the same query in phpMyAdminUPDATE members SET log = log + 1 WHERE user = '449a36b6689d841d7d27f31b4b7cc73a' AND password = 'b0baee9d279d34fa1dfd71aadb908c3f';it did not return an error, but it still did not update the log field!i have the log field default to 0.. is that causing a problem? Link to comment Share on other sites More sharing options...
astralaaron Posted May 17, 2007 Author Share Posted May 17, 2007 hmm.. i changed it to $log = mysql_query("UPDATE members SET log = log + 1 WHERE user = '$user'");and left out the password and it worked.. even though the password was correct? wierd.. but its okay this is fine. Link to comment Share on other sites More sharing options...
justsomeguy Posted May 17, 2007 Share Posted May 17, 2007 That's a ###### of a username.I can't say that? bah Link to comment Share on other sites More sharing options...
astralaaron Posted May 17, 2007 Author Share Posted May 17, 2007 That's a ###### of a username.I can't say that? bahit was md5()'d Link to comment Share on other sites More sharing options...
henryhenry Posted May 18, 2007 Share Posted May 18, 2007 I found some php functions have a character limit for the parameters. Maybe mysql_query can only take a certain number of characters in each parameter. In this case your query with two md5 values may have exceeded the limit. When you removed the password, the number of characters might have been low enough. If you substitute with a variable it might work? Link to comment Share on other sites More sharing options...
zppblood Posted May 18, 2007 Share Posted May 18, 2007 If you used md5() for your password in the db, then make sure you have md5($_POST['pass']). Link to comment Share on other sites More sharing options...
astralaaron Posted May 18, 2007 Author Share Posted May 18, 2007 If you used md5() for your password in the db, then make sure you have md5($_POST['pass']).yeah I know this :-) Link to comment Share on other sites More sharing options...
Mr_CHISOL Posted May 20, 2007 Share Posted May 20, 2007 I can't still get this (as I wrote in another thread...) why (oh why???) do you encrypt the username?????? Link to comment Share on other sites More sharing options...
zppblood Posted May 20, 2007 Share Posted May 20, 2007 I can't still get this (as I wrote in another thread...) why (oh why???) do you encrypt the username??????Maybe he has it like w3schools forum where you can use a different name to sign-in? Link to comment Share on other sites More sharing options...
astralaaron Posted May 20, 2007 Author Share Posted May 20, 2007 I can't still get this (as I wrote in another thread...) why (oh why???) do you encrypt the username??????lol I was recomended by people here on the forums to md5 the username / password Link to comment Share on other sites More sharing options...
Nim199 Posted May 20, 2007 Share Posted May 20, 2007 I am in no way an expert, but it might be worth incrementing it with '++'.If this is utter nonsence (which it probably is) please tell me! Link to comment Share on other sites More sharing options...
astralaaron Posted May 20, 2007 Author Share Posted May 20, 2007 I am in no way an expert, but it might be worth incrementing it with '++'.If this is utter nonsence (which it probably is) please tell me!SET log = log + 1 works fine** but the whole Idea i had to show how many users are online turned out to be a bad one as 'Justsomeguy' pointed out. most people leave the website without logging out so they would not get the SET log = log - 1 on the logout page.. :-( Link to comment Share on other sites More sharing options...
zppblood Posted May 20, 2007 Share Posted May 20, 2007 lol I was recomended by people here on the forums to md5 the username / passwordIt is a good idea to hash the password (it's better to use other ones such as sha1,sha256,whirlpool, etc.), but the username is probably not necessary if it is for something like a forum where you see the names of the users unless you have them sign in with a different name. Link to comment Share on other sites More sharing options...
astralaaron Posted May 20, 2007 Author Share Posted May 20, 2007 It is a good idea to hash the password (it's better to use other ones such as sha1,sha256,whirlpool, etc.), but the username is probably not necessary if it is for something like a forum where you see the names of the users unless you have them sign in with a different name.i actually have the unhashed username stored in another field so I can display the name lol.. the one that is hashed is strtolower()and when the user types in the username it is strtolower() to make it so if they type john as JoHN they will still loginbut the username that is displayed is like when they registerd.. so if they registerd as JoHn and login as john. it will display JoHn Link to comment Share on other sites More sharing options...
Mr_CHISOL Posted May 20, 2007 Share Posted May 20, 2007 Yeah, but there's still no good reason to encrypt the username, once you have encryptet the username you can't get it in plain text again.Here some problems that I know would bug me...Can't extract the username from the dbWhen listing it's nice to be able to seperate different users (except for the id): users can have the same (full) name, and/or the same email (not usual to have the same emal, but it happens...)Identify the user (other than by the id)As a user:Can't see what my username isetcDo you know any good reasons to why encrypt the username?? (cause I don't......)Edit: response on asralaarons last post: you can accomplish that without encrypting the username or use two fields with the same value (except for case) Link to comment Share on other sites More sharing options...
astralaaron Posted May 20, 2007 Author Share Posted May 20, 2007 Yeah, but there's still no good reason to encrypt the username, once you have encryptet the username you can't get it in plain text again.Here some problems that I know would bug me...Can't extract the username from the dbWhen listing it's nice to be able to seperate different users (except for the id): users can have the same (full) name, and/or the same email (not usual to have the same emal, but it happens...)Identify the user (other than by the id)As a user:Can't see what my username isetcDo you know any good reasons to why encrypt the username?? (cause I don't......)Edit: response on asralaarons last post: you can accomplish that without encrypting the username or use two fields with the same value (except for case)no i dont know any good reason, i wasnt really given the reason someone(dont remember exactly who) told me its a good idea to do it.. so i listened. but in future jobs I will just encrypt the password Link to comment Share on other sites More sharing options...
zppblood Posted May 20, 2007 Share Posted May 20, 2007 The way you described it doesn't make any sense. It just takes up more space doing it that way. If you want to get the username from the db like they registered instead of what they typed to login, just get the info from the db and put it in the session instead of $_POST. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.