#1
HELP
A piece of code I wrote to verify users. The $query return proves correct, the session vars are fine and yet if I type an incorrect user at the login it will *NOT* generate the error. The DB 'users' has 2 fields, username as primary key and 25 chrs long. Password is 32 chrs (for MD5) both are varchar.

$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
$tmpuser=$_SESSION["username"];
$tmpPW=md5($_SESSION["password"]);
dbConnect(); // THIS WORKS NO WORRIES
$query = "SELECT * FROM `users` WHERE username='$tmpuser' AND password='$tmpPW'";
$result= mysql_query($query);
if (mysql_errno()) { die('ERROR : User not valid... Do you need to register?'); }
echo $query; // testing query string - AOK
echo '<br>You have successfully logged in as : '.$tmpuser.'<br>';
#2
You should use your POST vars in your query and set SESSION vars only if the user successfully authenticates. I guess it's possible that the session variables aren't really set until the end of the script or something (doesn't seem intuitive, but you never know), and that's what's causing your error. Using POST vars to validate your query prevents a possible session hijacking from allowing non-authorized users from authenticating if indeed the session vars aren't being changed before you do your query. Have you echoed your session vars both before and after setting them, by the way?
#3
The SESSION values are actually OK (though I see your point about not using them until user is validated).
But that's not the problem - If I echo $query it shows the input from the returned form with the correct values. eg: username test, password test [$query returns]

SELECT * FROM `users` WHERE username='test' AND PASSWORD='098f6bcd4621d373cade4e832627b4f6'

The problem in this case is that user "test" does not exist in the table but I'm told it is valid - die is not triggering for some reason? I've even tried testing on (!$result) with no luck?! This has me stumped. I know my function DBConnect works fine because I can INSERT recs with no trouble...
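The behaviour discussed in this thread, as an added example that is not part of any post: a SELECT that matches no rows is still a successful query, so an error-number check cannot reject an unknown user and the login test has to look at the returned row. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `users` table, `password_hash()`/`password_verify()` replace `md5()`, and the account `alice` and the function name `authenticate` are constructed for illustration.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database (PDO,
// pdo_sqlite driver) stands in for the thread's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username VARCHAR(25) PRIMARY KEY, password VARCHAR(255))');

// Constructed sample account. password_hash() replaces the thread's md5(),
// so the column is wider than the 32 characters described in the post.
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns true only when a row for $username exists and the password matches.
 */
function authenticate(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the form input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);

    // A SELECT that matches nothing still succeeds: the error code stays
    // '00000' (the PDO counterpart of mysql_errno() returning 0).
    $noError = ($stmt->errorCode() === '00000');

    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matched
    if ($row === false) {
        echo "  query ok=" . var_export($noError, true) . ", rows=0 -> reject\n";
        return false;
    }
    return password_verify($password, $row['password']);
}

// Constructed login attempts: unknown user, wrong password, valid login.
$attempts = [['test', 'test'], ['alice', 'wrong'], ['alice', 'correct horse']];
foreach ($attempts as [$user, $pass]) {
    echo "login $user:\n";
    if (authenticate($db, $user, $pass)) {
        // Session data is set only after authentication succeeds
        // (a plain array stands in for $_SESSION so this runs from the CLI).
        $session = ['username' => $user];
        echo "  logged in as {$session['username']}\n";
    } else {
        echo "  ERROR : User not valid\n";
    }
}
```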