need this field to + 1

[astralaaron 17]

$log = mysql_query("UPDATE members SET log = log + 1 WHERE user = '$user' AND password = '$pw' ");if(!$log){die('error: ' mysql_error());}the code does not die but the log field does not get +1log is the name of the field in my database that I need to set to 1.. i triedSET log = 1 how can I do that? whats wrong with my syntax?

[justsomeguy 1,135]

The syntax is fine, are you sure the where clause matches? Try the query on the db server.

[astralaaron 17]

i just did the same query in phpMyAdminUPDATE members SET log = log + 1 WHERE user = '449a36b6689d841d7d27f31b4b7cc73a' AND password = 'b0baee9d279d34fa1dfd71aadb908c3f';it did not return an error, but it still did not update the log field!i have the log field default to 0.. is that causing a problem?

[astralaaron 17]

hmm.. i changed it to $log = mysql_query("UPDATE members SET log = log + 1 WHERE user = '$user'");and left out the password and it worked.. even though the password was correct? wierd.. but its okay this is fine.

[justsomeguy 1,135]

That's a ###### of a username.I can't say that? bah

[astralaaron 17]

That's a ###### of a username.I can't say that? bah

it was md5()'d

[henryhenry 0]

I found some php functions have a character limit for the parameters. Maybe mysql_query can only take a certain number of characters in each parameter. In this case your query with two md5 values may have exceeded the limit. When you removed the password, the number of characters might have been low enough. If you substitute with a variable it might work?

[zppblood 0]

If you used md5() for your password in the db, then make sure you have md5($_POST['pass']).

[astralaaron 17]

If you used md5() for your password in the db, then make sure you have md5($_POST['pass']).

yeah I know this :-)

[Mr_CHISOL 0]

I can't still get this (as I wrote in another thread...) why (oh why???) do you encrypt the username??????

[zppblood 0]

I can't still get this (as I wrote in another thread...) why (oh why???) do you encrypt the username??????

Maybe he has it like w3schools forum where you can use a different name to sign-in?

[astralaaron 17]

I can't still get this (as I wrote in another thread...) why (oh why???) do you encrypt the username??????

lol I was recomended by people here on the forums to md5 the username / password

[Nim199 1]

I am in no way an expert, but it might be worth incrementing it with '++'.If this is utter nonsence (which it probably is) please tell me!

[astralaaron 17]

I am in no way an expert, but it might be worth incrementing it with '++'.If this is utter nonsence (which it probably is) please tell me!

SET log = log + 1 works fine** but the whole Idea i had to show how many users are online turned out to be a bad one as 'Justsomeguy' pointed out. most people leave the website without logging out so they would not get the SET log = log - 1 on the logout page.. :-(

[zppblood 0]

lol I was recomended by people here on the forums to md5 the username / password

It is a good idea to hash the password (it's better to use other ones such as sha1,sha256,whirlpool, etc.), but the username is probably not necessary if it is for something like a forum where you see the names of the users unless you have them sign in with a different name.

[astralaaron 17]

It is a good idea to hash the password (it's better to use other ones such as sha1,sha256,whirlpool, etc.), but the username is probably not necessary if it is for something like a forum where you see the names of the users unless you have them sign in with a different name.

i actually have the unhashed username stored in another field so I can display the name lol.. the one that is hashed is strtolower()and when the user types in the username it is strtolower() to make it so if they type john as JoHN they will still loginbut the username that is displayed is like when they registerd.. so if they registerd as JoHn and login as john. it will display JoHn

[Mr_CHISOL 0]

Yeah, but there's still no good reason to encrypt the username, once you have encryptet the username you can't get it in plain text again.Here some problems that I know would bug me...Can't extract the username from the dbWhen listing it's nice to be able to seperate different users (except for the id): users can have the same (full) name, and/or the same email (not usual to have the same emal, but it happens...)Identify the user (other than by the id)As a user:Can't see what my username isetcDo you know any good reasons to why encrypt the username?? (cause I don't......)Edit: response on asralaarons last post: you can accomplish that without encrypting the username or use two fields with the same value (except for case)

[astralaaron 17]

Yeah, but there's still no good reason to encrypt the username, once you have encryptet the username you can't get it in plain text again.Here some problems that I know would bug me...Can't extract the username from the dbWhen listing it's nice to be able to seperate different users (except for the id): users can have the same (full) name, and/or the same email (not usual to have the same emal, but it happens...)Identify the user (other than by the id)As a user:Can't see what my username isetcDo you know any good reasons to why encrypt the username?? (cause I don't......)Edit: response on asralaarons last post: you can accomplish that without encrypting the username or use two fields with the same value (except for case)

no i dont know any good reason, i wasnt really given the reason someone(dont remember exactly who) told me its a good idea to do it.. so i listened. but in future jobs I will just encrypt the password

[zppblood 0]

The way you described it doesn't make any sense. It just takes up more space doing it that way. If you want to get the username from the db like they registered instead of what they typed to login, just get the info from the db and put it in the session instead of $_POST.