what will be the code of comparing the login data with the already stored data of user on the data base .kindly reply me soon.ihv to compare the two variables(user name and password).plzzz
bsse007 -3 Light Poster
furqan219 -9 Junior Poster in Training
Please SHARE your table structure, so we can tell you
bsse007 -3 Light Poster
there is a form of registration having username,password & email.this data is stored in data base's table when accepted.there is another form of already registered whom data have been saved.i just want that they can be logd in when there username & pasword is matched with the already existing data.
furqan219 -9 Junior Poster in Training
Table structure and sample data??? Please share
bsse007 -3 Light Poster
name of db=project
name of table=user
in table there are 3 fields
user_name password email
ali ali01 ali02@gmail.com
saad sam_09 saad_8@gmail.com
diafol
What code do you have so far? You'll be using $_POST variables. Are you using a password hash like md5? More info please.
You compare with a SELECT query, placing the cleaned variables in the WHERE clause.
bsse007 -3 Light Poster
registr.html ,register page
<form action="login.php" method="post" >
<h3>Registered here</h3>
<table>
<tr><td><b>User Name</b></td><td><input type="text" name="myname"/></td></tr>
<tr>
<td><b>Password</b></td>
<td><input type="password" name="pass"/></td></tr><tr><td><b>e-mail</b></td><td><input type="text" name="email"/></td></tr>
<tr><td></td><td><input type="submit" value="register"/></td></tr></table></form>login.php page
<?php
$con = mysql_connect("localhost","root");
if (!$con)
{
die('Could not connect:');
}
mysql_select_db("project", $con);
$sql="INSERT INTO user ( user_name, password, email )
VALUES
('$_POST[myname]','$_POST[pass]','$_POST[email]')";
if (!mysql_query($sql,$con))
{
die('Error:' );
}
else
{echo header('Location:http://localhost/click.html');
}
mysql_close($con)
?>check.html, comparing page
<form action="open.php" method="post">
Already have an account
<br>User name
<input type="text" name="user"/>
<br>
Password
<input type="password" name="password"/><br>
<input type="submit" value="login"/>
</form>now i need the coding of open.php
regards
bsse007 -3 Light Poster
open.php
<?php
$uname=$_POST['user'];
$upass=$_POST['password'];
$con = mysql_connect("localhost","root");
if (!$con)
{
die('Could not connect:');
}
mysql_select_db("project", $con);
$result=mysql_query("select user_name from user");
$result1=mysql_query("select password from user");
while($row=mysql_fetch_array($result) && $row1=mysql_fetch_array($result1))
{
if($uname==$row && $upass==$row1)
{echo.........
}
else
{
echo ...........
}
}
?>i hv made this code.kindly chek it.
diafol
OK. I see.
$name = mysql_real_escape_string($_POST['user']);
$pw = mysql_real_escape_string($_POST['password']);
$r = mysql_query("SELECT user_name FROM user WHERE user_name='$name' AND password = '$pw'");
if(mysql_num_rows($r)>0){
//user exists - keep data in session/cookie or whatever
}else{
//failed login
}There could be a lot more involved - but this is bare bones stuff. I noticed that you don't clean your variables on the registration form. This is very unwise. Use something like mysql_real_escape_string if it is supported on your server.
bsse007 -3 Light Poster
thanks a lot.you have solved my problem.
will u plz tell me about "mysql_real_escape_string",infact i have no idea.
diafol
thanks a lot.you have solved my problem.
will u plz tell me about "mysql_real_escape_string",infact i have no idea.
Sure, when you get raw data from a form (or a url querystring) - the data you pick up from $_POST or $_GET variables in other words, you can't trust the data to be safe or to not mess up your queries or to be stored correctly.
Quotes within data can often mess up the query.
Some naughty people may even try to inject their own SQL into your query through a form or url. This can usually be prevented by changing all 'tags' to escape characters or html encodes .e.g. <script> becomes <script>
A while ago I used to use
$var = addslashes(htmlentities($_POST['var']));but I tend to use mysql_real_escape_string() now.
This is called cleaning or sanitizing your data. Sometimes, you'll need to take off added backslashes that escape your quotes when output back to html. You can do this by stripslashes($var).
bsse007 -3 Light Poster
okk.i undrstud.
i m again in trouble.
there is a user who is typing an article in the textarea and have the title in the text box.
i want to save his title to his info row.
i mean the title should be saved in the feild name title aginst the logged in user.
will u kindly help me?
diafol
You need to supply your table structures. SO that we know how they can be linked.
rajarajan2017
$name = mysql_real_escape_string($_POST['user']);
$title = "Harry Potter" ; //you should fetch title from textbox
$r = mysql_query("SELECT user_name, title FROM user WHERE user_name='$name');
if(mysql_num_rows($r)>0){
$r =mysql_query("UPDATE user set title='$title' WHERE user_name='$name'");
}
else
{
//no user found
} bsse007 -3 Light Poster
can session be used throuh diffrent pages.
means session_started in a page but retrive in the other.
is it possible & how?
regards
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.