$realUser = mysql_query("SELECT Username FROM my_db WHERE Username = $user ");This is not storing the $user value to $realUser. I am correctly using $_REQUEST to retrieve the value for $user from a form, and I am connected to my database. I understand there is an issue with PHP variables in a query, can someone please tell me how I could make this work?
Sorry, I meant it's not storing the query using the $user variable to the $realUser
Try this:
$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = $user ") or die(mysql_error());
$realUser=mysql_fetch_array($realUser_q);
//above sets the $realUser[] Array
//example usage: $realUser['mysql_column_name']
echo $realUser['Username'];Hope that helps answer the question.
Looking at your query, I guess $user is a string. So
$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = $user ") or die(mysql_error());will generate an error. You have to put single quotes around $user. ie.,
$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = '$user'") or die(mysql_error());You don't need single quotes if you are querying with integers. ie.,
$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Userid = $userid ") or die(mysql_error());Hope thats clear!
First, I'd like to say I really appreciate the replies. I have tried single quotes, no error is given, but nothing is stored in $realUser. What does _q at the end of the variable do?
First, I'd like to say I really appreciate the replies. I have tried single quotes, no error is given, but nothing is stored in $realUser. What does _q at the end of the variable do?
If nothing is stored, then maybe $user is empty. Try this and let us know what it prints.
$realUser_q = "SELECT Username FROM my_db WHERE Username = '$user'";
echo $realUser_q;
$realUser_r = mysql_query($realUser_q) or die(mysql_error());And as for your second question, _q don't do anything. Its just another variable.
Okay here's what I'm doing exactly. I'm taking a field from a form called user and storing it in the variable $user. Then, I'm looking for $user in my_db and storing it is $realUser. I am then comparing the two to see if the username they entered exists.
I have echo $realUser; in the script and it returns nothing, this is how I know it's not working.
Can you post your code here ? And don't echo $realUser, echo $realUser_q.
This is after requesting the user and pass variables and setting the con variable with a connection to my_db:
if(!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_db", $con);
$realUser = mysql_query("SELECT Username FROM my_db WHERE Username = $user");
echo $realUser;
if(!($user == $realUser))
{
echo "No Such User";
}
else
{
$realPass = mysql_query("SELECT Password FROM my_db WHERE Username = '$user'");
if($pass != $realPass)
{
echo "Incorrect password";
}
elseif($pass == $realPass)
echo "Welcome!";
}I know this is about to get torn apart. I know I should've used != , but I wasn't sure what the problem was, so I tried some things. I can see obvious mistakes in there.
if(!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_db", $con);
$user = mysql_real_escape_string($_POST['user']); //request posted data and sanitise it using mysql_real_escape_string
$pass = mysql_real_escape_string($_POST['pass']);
$realUser_query = "SELECT Username FROM my_db WHERE Username = '$user'"; // create the query
$realUser_result = mysql_query($realUser_query); //execute the query and assign result resource to $realUser_result
if(mysql_num_rows($realUser_result) > 0 ) { //if the returned results is more than 0
$usernamerow = mysql_fetch_array($realUser_result); //fetch the returned result to $usernamerow
$realUser = $usernamerow['Username']; //assign Username to $realUser
}
if($user != $realUser) {
echo "No Such User";
} else {
$realPass_query = "SELECT Password FROM my_db WHERE Username = '$user'";
$realPass_result = mysql_query($realPass_query);
if(mysql_num_rows($realPass_result) > 0 ) {
$passrow = mysql_fetch_array($realPass_result);
$realPass = $passrow['Password'];
}
if($pass != $realPass)
{
echo "Incorrect password";
}
elseif($pass == $realPass)
echo "Welcome!";
}Try this out! I have added comments for you to understand.
I am getting this error.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/home.php on line 23
This corresponds to this line in my code:
$realUser_result = mysql_query($realUser_query); //execute the query and assign result resource to $realUser_result
[B]if(mysql_num_rows($realUser_result) > 0 ) { //if the returned results is more than 0[/B]
$usernamerow = mysql_fetch_array($realUser_result); //fetch the returned result to $usernamerowOkay! Add echo $realUser_query; before $realUser_result = mysql_query($realUser_query); and tell us what it prints.
SELECT Username FROM my_db WHERE Username = 'willemjr'Okay! The query looks good. Are you sure the table name is correct ? Because I noticed your database and table have the same name! :-/ If it is correct, execute this query in phpmyadmin or mysql console and see if it throws any error!
the database name should be my_db and the table should be Users. Did I mess that up??
Ah! :'( Yes !!!
where am I putting the table name then? haha thanks a lot for the help by the way. I'm not really even doing this for anything, just trying to learn.
In all the queries, change my_db to user. :) Then I guess it should work fine!
I got it, thank you so much man. I'm gonna have to go over the code so I can understand all the changes, but I really do appreciate the help!
You are welcome! Glad I could help :) Cheers!
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.