Member Avatar for Roses89

Hey,
My login form somehow isnt working and i cant find out why:S
I tried shifting around the variables but it still wont work.The code is:

<?php

$id=$_POST["empid"];

$pass=$_POST["password"];

if(empty($id)|| empty($pass))
{
header("location:login.html");
}

else
{

     require_once("dbconn.php");

$sql = "SELECT empid,surname,firstname,jobid,jobtitle FROM employee,jobs WHERE empid='$id' AND password='$pass' AND jobs.jobid=employee.jobid";

     $rs = mysql_query($sql, $dbConn);

    
     if (mysql_num_rows($rs)> 0 ) 
       {
         session_start();
         $_SESSION["who"] = $id;
         $_SESSION["sname"] = mysql_result($rs,0,"surname");
         $_SESSION["firstname"] = mysql_result($rs,0,"firstname");
         $_SESSION["jid"] = mysql_result($rs,0,"jobid");
         $_SESSION["jtitle"] = mysql_result($rs,0,"jobtitle");
         header("location: choosereview.php");
         }
    else
      {
       header("location: employee.php");
      }
}

?>

Everytime i try logining in, when i leave it empty it works,but when i type the right user name and password,instead of taking me to the choosereview.php it takes me to employee.php.It does the same even when im wrong.I mean it works fine for wrong,but it wont work fine when its right.I also needed to know if this was the right way to access data from two tables?I have doubts that, that might be the problem.

  • 4 Contributors
  • 8 Replies
  • 136 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by Roses89
Member Avatar for urtrivedi

1) at line 18 add following line

echo $sql;

copy the dynamic query from browser and run it in mysql client or phpmyadmin what ever you are using, now see the result.

2) change line no 22 as given

if ( mysql_result($rs,0,"empid") =$id )
Member Avatar for Virtualbase

Do you have any record in the 'job' table for that employee? because you are inner joining the job and employee table on job id field. So if there is no record for that employee it will take you to the employee.php form.
You can add the following test code to check the number of records:
(put that code on line 20, after mysql_query )

echo mysql_num_rows($rs)."<hr>";
exit;

Also always use mysql_real_escape_string() function to remove the special characters for your form variables to avoid SQL Injection. Otherwise your website can be hacked pretty easily.

Member Avatar for rajarajan2017 
if (mysql_num_rows($rs)> 0 )

The above condition not satisfying, that is you couln't get any rows from the query. check if the query gives the proper output. It doesn't give now. Just check your query by pasting the same into your sql editor and check over there. If not excepted result come, then modify the query and get the result. Paste the resultant query in php and it will work.

Member Avatar for Roses89

I got the query working.I esp made another php file to check that out.Its working:)@Raja

Yes i do have a job table for employees.I tried the sql query separately and its working fine.Its just when i try using it in the login.php file it stuffs up:( @VirtualBase

Il try that out and let u know in a mint if that works@urtrivedi

Member Avatar for Roses89

I tried doing what urtrivedi said but it gives me the following error:

Fatal error: Can't use function return value in write context in I:\....\login.php on line 23 i.e the if statement:S

Member Avatar for Virtualbase

Your existing code is fine. So undo the change you made.

Also please check you have the correct variable names empid & password. Do you get the values in these two variables?

Member Avatar for rajarajan2017

Please use echo for printing the variables and check whether you get all the variables value you used all over the program?

Member Avatar for Roses89

Hmm...Il have a look at that..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.