ATM Posted November 18, 2006 Share Posted November 18, 2006 I recently started learning mysql and haven't been able to set it up yet, but I was wondering if the following code will work; <?php $mysql_servername="" ?><?php $mysql_username="" ?><?php $mysql_password="" ?><?php $mysql_database="" ?><?php $mysql_tablename="" ?><?php $mysql_fieldname="" ?><?php $mysql_password_field="" ?><?php $mysql_xml_reference="" ?><?php $username=$_POST["username"]; ?><?php $password=$_POST["password"]; ?><?php $connect = mysql_connect( $mysql_servername, $mysql_username , $mysql_password ); ?><?php mysql_select_db( $mysql_database , $connect ); ?><?php $login = "SELECT * from $mysql_tablename WHERE $mysql_fieldname='$username'"; ?><?php $fetch_array = mysql_fetch_array($login)); ?><?php if ($fetch_array['$mysql_password_field']="$password"){$xml_reference=$fetch_array['$mysql_xml_reference'];} ?><?php mysql_close($connect); ?> The code is firstly meant to connect to my sql, then get the username and password send from a form, it's then ment to look to see if the username exists in the table of data and if it does it's meant to check to see if the passwords match and then if they do it's meant to get another field, which will contain a url and put that url into a variable.Thanks, Link to comment Share on other sites More sharing options...
www.mihalism.com Posted November 19, 2006 Share Posted November 19, 2006 First of all you only need one bracket and you did not end your variables with ;Here i made it more clean and it should work <?php $mysql_servername=""; $mysql_username=""; $mysql_password=""; $mysql_database=""; $mysql_tablename=""; $mysql_fieldname=""; $mysql_password_field=""; $mysql_xml_reference=""; $username=$_POST["username"]; $password=$_POST["password"]; $connect = mysql_connect( $mysql_servername, $mysql_username , $mysql_password ); mysql_select_db( $mysql_database , $connect ); $login = "SELECT * from ".$mysql_tablename." WHERE ".$mysql_fieldname."='".$username'.""; $fetch_array = mysql_fetch_array($login)); if ($fetch_array['$mysql_password_field']="$password"){ $xml_reference=$fetch_array['$mysql_xml_reference']; } mysql_close($connect); ?> Link to comment Share on other sites More sharing options...
ATM Posted November 19, 2006 Author Share Posted November 19, 2006 Cheers, Link to comment Share on other sites More sharing options...
justsomeguy Posted November 19, 2006 Share Posted November 19, 2006 if ($fetch_array['$mysql_password_field']="$password"){There are two things wrong with that. The first one is that you use single quotes, and single quotes do not do variable replacement. So it is using the string "$mysql_password_field" for the array index. Secondly, you are using the assignment operator, so you are setting the value of $fetch_array['$mysql_password_field'] equal to whatever is contained in the $password variable. So the if statement is always true. You need to be using comparison instead of assignment, and there's also no point to have quotes around a single variable.if ($fetch_array[$mysql_password_field] == $password){ Link to comment Share on other sites More sharing options...
ATM Posted November 20, 2006 Author Share Posted November 20, 2006 So is this ok? <?php$mysql_servername="";$mysql_username="";$mysql_password="";$mysql_database="";$mysql_tablename="";$mysql_fieldname="";$mysql_password_field="";$mysql_xml_reference="";$username=$_POST["username"];$password=$_POST["password"];$connect = mysql_connect( $mysql_servername, $mysql_username , $mysql_password );mysql_select_db( $mysql_database , $connect );$login = "SELECT * from ".$mysql_tablename." WHERE ".$mysql_fieldname."=".$username."";$fetch_array = mysql_fetch_array($login);if ($fetch_array[$mysql_password_field] == $password){$xml_reference=$fetch_array[$mysql_xml_reference];}else {header("Location: http://www.yourdomain.co.uk/");}mysql_close($connect);?> Link to comment Share on other sites More sharing options...
justsomeguy Posted November 20, 2006 Share Posted November 20, 2006 I don't know if it's "ok", I don't know what you're trying to do with it. If it runs and does what you want, then it's ok. If it gives an error message, then it's not ok. If whatever column you are checking in your SQL statement is a character column, then you will need to surround the value you are checking with quotes. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now