Member system not working

A

Anonymous

Guest
I have a small script that tries to match the username and password ($_POST[Username], $_POST[Password]) submitted from a form to a row in a MySQL table.
This is my script. When it executes, there are no errors, but it just gives me a blank page, when it should really say either "Welcome..." or "there was an error". I did insert a row already into my table and I *am* inputting the right username and password. What's wrong?
Code: 
<?php
   $Success=0;
   $M_Conn=mysql_connect (localhost,"root","some_pass");
   mysql_select_db ("member_area",$M_Conn);
   $SQL="SELECT Username,Password,Full_name,Email_address,Age FROM Members WHERE Username='$_POST[Username]' AND Password='$_POST[Password]'";
   $Fulltable=mysql_query($SQL,$M_Conn);
   if (mysql_num_rows($Fulltable) == 1)   {
      /* Found a match. Now retrieve the data from the proper row. */
      $Row=mysql_fetch_array($Fulltable);
      $Success=1;
   }
   if ($Success != 0)   {
      $HTML="<html><head><title>Logged in</title></head><body><h1>Welcome</h1>";
      $HTML .= "Welcome, $Row['Full_name'].<br>Your email address is $Row['Email_address'].<br>";
      $HTML .= "You are $Row['Age'].</body></html>"
      echo $HTML;
   }
   else   {
      $HTML="<html><head><title>Error</title></head><body>There was an error signing in - make sure that you supplied";
      $HTML="the right username and password.</body></html>";
      echo $HTML;
   }
   mysql_close($M_Conn);
?>
 
Your code looks good. Try echoing $SQL and pasting it into MySQL and seeing if you get what you expect.
 
$SQL echoed perfectly: "SELECT Username,Password,Full_name,Email_address,Age FROM Members WHERE Username='Zack' AND Password='Zack_pass'" And pasted into the mysql moniter, retrieved one row, as planned. It's the php that's the problem.
I tried adding a semicolon to the end of the sql, and it still didn't work.
:(
 
I still don't see anything wrong with your code (other than the stylistic), but I took a stab at tweaking it a bit. It's a long shot, but give it a try:
PHP: 
<?php
   $M_Conn = mysql_connect(localhost, 'root', 'some_pass');
   
   mysql_select_db('member_area', $M_Conn);
   
   $SQL = "SELECT Username, Password, Full_name, Email_address, Age FROM Members WHERE Username = '" . $_POST['Username'] . "' AND Password='" . $_POST['Password'] . "'";
   $Fulltable = mysql_query($SQL, $M_Conn);

	if (mysql_num_rows($Fulltable) >= 1)   {
      /* Found a match. Now retrieve the data from the proper row. */
      $Row = mysql_fetch_assoc($Fulltable);

      $HTML  = '<html><head><title>Logged in</title></head><body><h1>Welcome</h1>';
      $HTML .= 'Welcome, ' . $Row['Full_name'] . '.<br>Your email address is ' . $Row['Email_address'] . '.<br />';
      $HTML .= 'You are ' . $Row['Age'] . '.</body></html>';
   } else {
      $HTML  = '<html><head><title>Error</title></head><body>There was an error signing in - make sure that you supplied ';
      $HTML .= 'the right username and password.</body></html>';
   }

	echo $HTML;
	
   mysql_close($M_Conn);
?>
 
I guess this should be a lesson to me - be veeeeeeeery careful with SQL code. I'm used to being lax with it.
It seems as if you added a few ' marks in the SQL. Thanks. It works now.
 
I'd suggest to always use backticks for any table/field names.. backtick is the same key as the tilde ` ~ this makes sure you can't mess up.
 
You must log in or register to reply here.
Back
Top