MySql doesn't return anything
Question
I'm just messing around with PHP and MySql to learn things... Untill now everything worked out fine, but now I just can't find any solution. The base is a very simple login system. Now i was trying to read username and password from a database called 'login' with the table 'userTBL' and fields 'username' and 'password'.
<?php
session_start();
mysql_connect ('localhost', 'root', 'root') or die('NO MYSQL CONNECTION!');
mysql_select_db('login');
if ($_GET['login']) {
$username = ($_POST['username']);
$password = ($_POST['password']);
$tmp = mysql_query("SELECT * FROM `user`");
$data = mysql_fetch_array($tmp);
if($tmp) {
echo 'FULL<br />';
} else {
echo 'EMPTY<br />';
}
$_SESSION['username'] = $data['username'];
$_SESSION['password'] = $data['password'];
if ($username == $_SESSION['username'] && $password == $_SESSION['password']) {
$_SESSION['loggedin'] = true;
header("Location: protected.php");
exit;
} else echo "Wrong details!<br />";
}
if ($_SESSION['loggedin'] == true) {
header("Location: protected.php");
}
?>
It seems like the database would not return anything, but why?!?!
Thanks for your help!
2 answers
solution1
1 2013-06-16 07:39:46
You mentioned that your table is called 'userTBL' but you're querying the table 'user'. Change your query to this: $tmp = mysql_query("SELECT * FROM userTBL WHERE username = {$username} AND password = {$password}"); The 'WHERE' clause will ensure that the query only returns data matching the username and password that was typed into the form.
solution2
0 2012-09-19 21:09:42
<?php
session_start();
mysql_connect ('localhost', 'root', 'root') or die('NO MYSQL CONNECTION!');
mysql_select_db('login');
if ($_GET['login']) {
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
$tmp = mysql_query('SELECT * FROM `userTBL` WHERE `user` = "'.$username.'"');
while ($data = mysql_fetch_array($tmp))
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $data['password'];
if ($password == $_SESSION['password']) {
$_SESSION['loggedin'] = true;
header("Location: protected.php");
exit;
} else echo "Wrong details!<br />";
}
}
if ($_SESSION['loggedin'] == true) {
header("Location: protected.php");
}
?>
Also: use salt+hash to store passwords in database.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.