$realUser = mysql_query("SELECT Username FROM my_db WHERE Username = $user ");

This is not storing the $user value to $realUser. I am correctly using $_REQUEST to retrieve the value for $user from a form, and I am connected to my database. I understand there is an issue with PHP variables in a query, can someone please tell me how I could make this work?

Sorry, I meant it's not storing the query using the $user variable to the $realUser

Try this:

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = $user ") or die(mysql_error());
$realUser=mysql_fetch_array($realUser_q);
//above sets the $realUser[] Array
//example usage: $realUser['mysql_column_name']
echo $realUser['Username'];

Hope that helps answer the question.

commented: good advice +4

Looking at your query, I guess $user is a string. So

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = $user ") or die(mysql_error());

will generate an error. You have to put single quotes around $user. ie.,

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = '$user'") or die(mysql_error());

You don't need single quotes if you are querying with integers. ie.,

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Userid = $userid ") or die(mysql_error());

Hope thats clear!

First, I'd like to say I really appreciate the replies. I have tried single quotes, no error is given, but nothing is stored in $realUser. What does _q at the end of the variable do?

First, I'd like to say I really appreciate the replies. I have tried single quotes, no error is given, but nothing is stored in $realUser. What does _q at the end of the variable do?

If nothing is stored, then maybe $user is empty. Try this and let us know what it prints.

$realUser_q = "SELECT Username FROM my_db WHERE Username = '$user'";
echo $realUser_q;
$realUser_r = mysql_query($realUser_q) or die(mysql_error());

And as for your second question, _q don't do anything. Its just another variable.

Okay here's what I'm doing exactly. I'm taking a field from a form called user and storing it in the variable $user. Then, I'm looking for $user in my_db and storing it is $realUser. I am then comparing the two to see if the username they entered exists.

I have echo $realUser; in the script and it returns nothing, this is how I know it's not working.

Can you post your code here ? And don't echo $realUser, echo $realUser_q.

This is after requesting the user and pass variables and setting the con variable with a connection to my_db:

if(!$con)
        {
        die('Could not connect: ' . mysql_error());
        }
mysql_select_db("my_db", $con);

$realUser = mysql_query("SELECT Username FROM my_db WHERE Username = $user");

echo $realUser;

if(!($user == $realUser))
        {
        echo "No Such User";
        }
else
        {
        $realPass = mysql_query("SELECT Password FROM my_db WHERE Username = '$user'");
        if($pass != $realPass)
                {
                echo "Incorrect password";
                }
        elseif($pass == $realPass)
                echo "Welcome!";

        }

I know this is about to get torn apart. I know I should've used != , but I wasn't sure what the problem was, so I tried some things. I can see obvious mistakes in there.

if(!$con)
        {
        die('Could not connect: ' . mysql_error());
        }
mysql_select_db("my_db", $con);
$user = mysql_real_escape_string($_POST['user']); //request posted data and sanitise it using mysql_real_escape_string
$pass = mysql_real_escape_string($_POST['pass']);
$realUser_query = "SELECT Username FROM my_db WHERE Username = '$user'"; // create the query
$realUser_result = mysql_query($realUser_query); //execute the query and assign result resource to $realUser_result
if(mysql_num_rows($realUser_result) > 0 ) { //if the returned results is more than 0
	$usernamerow = mysql_fetch_array($realUser_result); //fetch the returned result to $usernamerow
	$realUser = $usernamerow['Username']; //assign Username to $realUser
}
if($user != $realUser) {
        echo "No Such User";
} else {
        $realPass_query = "SELECT Password FROM my_db WHERE Username = '$user'";
        $realPass_result = mysql_query($realPass_query);
        if(mysql_num_rows($realPass_result) > 0 ) {
        	$passrow = mysql_fetch_array($realPass_result);
        	$realPass = $passrow['Password'];
				}
        if($pass != $realPass)
                {
                echo "Incorrect password";
                }
        elseif($pass == $realPass)
                echo "Welcome!";

        }

Try this out! I have added comments for you to understand.

I am getting this error.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/home.php on line 23

This corresponds to this line in my code:

$realUser_result = mysql_query($realUser_query); //execute the query and assign result resource to $realUser_result
      [B]if(mysql_num_rows($realUser_result) > 0 ) { //if the returned results is more than 0[/B]
      $usernamerow = mysql_fetch_array($realUser_result); //fetch the returned result to $usernamerow

Okay! Add echo $realUser_query; before $realUser_result = mysql_query($realUser_query); and tell us what it prints.

SELECT Username FROM my_db WHERE Username = 'willemjr'

Okay! The query looks good. Are you sure the table name is correct ? Because I noticed your database and table have the same name! :-/ If it is correct, execute this query in phpmyadmin or mysql console and see if it throws any error!

the database name should be my_db and the table should be Users. Did I mess that up??

Ah! :'( Yes !!!

where am I putting the table name then? haha thanks a lot for the help by the way. I'm not really even doing this for anything, just trying to learn.

In all the queries, change my_db to user. :) Then I guess it should work fine!

I got it, thank you so much man. I'm gonna have to go over the code so I can understand all the changes, but I really do appreciate the help!

You are welcome! Glad I could help :) Cheers!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.