PHP Login Page with and without mysql_fetch_object

Question

alex.p.kcx 0 Newbie Poster

11 Years Ago

Hi,

With resources on the internet I have created two versions of a login page :- one with mysql_fetch_object and the other without it. I would like to understand which approach is a better and why.

Following is the code with mysql_fetch_object :-

<?php
    session_start();
    include "dbconnect.php";

    if(isset($_GET["op"]) == "login")
    {
        if(!$_POST["username"] || !$_POST["password"])
        {
            die("You need to provide a username and password.");
        }

        $username = mysql_real_escape_string($_POST["username"]);
        $password = mysql_real_escape_string($_POST["password"]);
        $q = "SELECT * FROM users WHERE username = '$username' AND password = '$password'");

        $r = mysql_query($q);

                if ( $obj = @mysql_fetch_object($r) )
                {
                    // Login good, create session variables
                    $_SESSION["valid_localid"] = $obj->id;
                    $_SESSION["valid_localuser"] = $_POST["username"];
                    $_SESSION["valid_localtime"] = time();

                    // Redirect to member page
                    Header("Location: homepage.php");
                }
        else
        {
            die("Sorry, could not log you in. Wrong login information.");
        }
    }
    else
    {
        ?>

        <html>
            <head>
                <title>PHP Session</title>
            </head>
            <body>
                <h3>Login Form</h3>
                    <form action="?op=login" method="POST">
                        <label>Username</label>
                        <input type="text" name="username">
                        <br>
                        <label>Password</label>
                        <input type="password" name="password">
                        <br>
                        <input type="submit" value="Login">

                    </form>
            </body>
        </html>

        <?php
    }
?>

Following is the code without mysql_fetch_object :-

<?php
    session_start();
    include "dbconnect.php";

    if(isset($_GET["op"]) == "login")
    {
        if(!$_POST["username"] || !$_POST["password"])
        {
            die("You need to provide a username and password.");
        }

        $username = mysql_real_escape_string($_POST["username"]);
        $password = mysql_real_escape_string($_POST["password"]);
        $q = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
        $r = mysql_fetch_array($q);

        $num_results = mysql_num_rows($q);

        if($num_results > 0)
        {
            $_SESSION["valid_user"] = $_POST["username"];
            $_SESSION["timeout"] = time();

            Header("Location: aboutuser.php");
        }
        else
        {
            die("Sorry, could not log you in. Wrong login information.");
        }
    }
    else
    {
        ?>

        <html>
            <head>
                <title>PHP Session</title>
            </head>
            <body>
                <h3>Login Form</h3>
                    <form action="?op=login" method="POST">
                        <label>Username</label>
                        <input type="text" name="username">
                        <br>
                        <label>Password</label>
                        <input type="password" name="password">
                        <br>
                        <input type="submit" value="Login">

                    </form>
            </body>
        </html>

        <?php
    }
?>

Please help me find which is a better approach and why. Since this code is from someone else, I was unable to understand how form action is working here. Please help me in understanding (action="?op=login") part.

Thanks

mysql php

2 Contributors
2 Replies
371 Views
4 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by broj1

broj1 356 Humble servant

11 Years Ago

Once you query the database you can retrieve a row in either:

an array (associative: using mysql_fetch_assoc or enumerated using mysql_fetch_row or both using mysql_fetch_array) where keys are field names (or filed index) and values are the values you queried:

$myArray['username'] = 'broj1';
$myArray['password'] = 'IamNotTellingIt';

or

an object (using mysql_fetch_object) where property names are field names and propertiy values are the values you queried

$myObject->username = 'broj1';
$myObject->password = 'IamNotTellingIt';

So which one you use is just a matter of what you prefer to process when you use the values. I personally use the array functions.

Just a side note: mysql extension is becomming obsolete and will not be supported sometime in future. It is wise to start using the mysqli (improved) extension which has more features. So the above functions would be mysqli_fetch_assoc, mysqli_fetch_row, mysqli_fetch_array, mysqli_fetch_object.

Edited 11 Years Ago by broj1

Zagga commented: Nicely explained +4

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

broj1 356 Humble servant Featured Poster · Answer 1 · 2012-12-27T21:54:17+00:00

Please help me in understanding (action="?op=login") part

This means that the form will be submitted to the same page with the query string op=login appended to the URI. So if the page with the form is http://www.mydomain/login.php the action goes to http://www.mydomain/login.php?op=login, which in turn means that $_GET array will contain an 'op' element after the form submition

$_GET['op'] = 'login';

which you can test for and use in your code (which is actuall done on line 5).