Hi,

With resources on the internet I have created two versions of a login page :- one with mysql_fetch_object and the other without it. I would like to understand which approach is a better and why.

Following is the code with mysql_fetch_object :-

<?php
    session_start();
    include "dbconnect.php";

    if(isset($_GET["op"]) == "login")
    {
        if(!$_POST["username"] || !$_POST["password"])
        {
            die("You need to provide a username and password.");
        }

        $username = mysql_real_escape_string($_POST["username"]);
        $password = mysql_real_escape_string($_POST["password"]);
        $q = "SELECT * FROM users WHERE username = '$username' AND password = '$password'");

        $r = mysql_query($q);

                if ( $obj = @mysql_fetch_object($r) )
                {
                    // Login good, create session variables
                    $_SESSION["valid_localid"] = $obj->id;
                    $_SESSION["valid_localuser"] = $_POST["username"];
                    $_SESSION["valid_localtime"] = time();

                    // Redirect to member page
                    Header("Location: homepage.php");
                }
        else
        {
            die("Sorry, could not log you in. Wrong login information.");
        }
    }
    else
    {
        ?>

        <html>
            <head>
                <title>PHP Session</title>
            </head>
            <body>
                <h3>Login Form</h3>
                    <form action="?op=login" method="POST">
                        <label>Username</label>
                        <input type="text" name="username">
                        <br>
                        <label>Password</label>
                        <input type="password" name="password">
                        <br>
                        <input type="submit" value="Login">

                    </form>
            </body>
        </html>

        <?php
    }
?>

Following is the code without mysql_fetch_object :-

<?php
    session_start();
    include "dbconnect.php";

    if(isset($_GET["op"]) == "login")
    {
        if(!$_POST["username"] || !$_POST["password"])
        {
            die("You need to provide a username and password.");
        }

        $username = mysql_real_escape_string($_POST["username"]);
        $password = mysql_real_escape_string($_POST["password"]);
        $q = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
        $r = mysql_fetch_array($q);

        $num_results = mysql_num_rows($q);

        if($num_results > 0)
        {
            $_SESSION["valid_user"] = $_POST["username"];
            $_SESSION["timeout"] = time();

            Header("Location: aboutuser.php");
        }
        else
        {
            die("Sorry, could not log you in. Wrong login information.");
        }
    }
    else
    {
        ?>

        <html>
            <head>
                <title>PHP Session</title>
            </head>
            <body>
                <h3>Login Form</h3>
                    <form action="?op=login" method="POST">
                        <label>Username</label>
                        <input type="text" name="username">
                        <br>
                        <label>Password</label>
                        <input type="password" name="password">
                        <br>
                        <input type="submit" value="Login">

                    </form>
            </body>
        </html>

        <?php
    }
?>

Please help me find which is a better approach and why. Since this code is from someone else, I was unable to understand how form action is working here. Please help me in understanding (action="?op=login") part.

Thanks

Once you query the database you can retrieve a row in either:

  • an array (associative: using mysql_fetch_assoc or enumerated using mysql_fetch_row or both using mysql_fetch_array) where keys are field names (or filed index) and values are the values you queried:

    $myArray['username'] = 'broj1';
    $myArray['password'] = 'IamNotTellingIt';

or

  • an object (using mysql_fetch_object) where property names are field names and propertiy values are the values you queried

    $myObject->username = 'broj1';
    $myObject->password = 'IamNotTellingIt';

So which one you use is just a matter of what you prefer to process when you use the values. I personally use the array functions.

Just a side note: mysql extension is becomming obsolete and will not be supported sometime in future. It is wise to start using the mysqli (improved) extension which has more features. So the above functions would be mysqli_fetch_assoc, mysqli_fetch_row, mysqli_fetch_array, mysqli_fetch_object.

commented: Nicely explained +4

Please help me in understanding (action="?op=login") part

This means that the form will be submitted to the same page with the query string op=login appended to the URI. So if the page with the form is http://www.mydomain/login.php the action goes to http://www.mydomain/login.php?op=login, which in turn means that $_GET array will contain an 'op' element after the form submition

$_GET['op'] = 'login';

which you can test for and use in your code (which is actuall done on line 5).

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.