PHP/MySQL Basics: general question

         

jd80

4:31 am on Feb 13, 2004 (gmt 0)

I'm trying to write a program that either displays an error message or inserts a username and password into a database. The error message is because there is already a username with the same value in the database. If it is the case that the username is already in use, then the client is directed back to the login page to try again. This is assuming it is the first time someone is "logging in". My question is what exactly am I doing wrong that $rows is not being assigned a value? (Sorry if this is a no-brainer... I'm new to MySQL and PHP :)

Here is the code for the login page:


<html>
<head><title>LogInTest1.html</title></head>
<body>

<form action="logInTest1AP.php" method="post" name="logInTestForm" id="logInTestForm">

Username:<input type="text" name="username" id="username" /><br/>

Password:<input type="password" name="password" id="password" /><br/>
<input type="submit" value="Log In"/>
</form>
</body>
</html>

And here is the PHP code for the action page, logInTest1AP.php:

<?php
$username = $_POST['username'];
$password = $_POST['password'];

$dbLink = mysql_pconnect("localhost", "user", "thepass");
mysql_select_db("theDataBase", $dbLink);

$Query = "Select * From tblLogInTest where fldUsername like '$username';";

$dbResult = mysql_query($Query, $dbLink);
$rows = mysql_num_rows($dbResult);

if($rows > 0){
echo "Username already in use.";
echo " Please go <a href='LogInTest1.html'>back</a> and log in with a different username.";}
else{
$Query = "INSERT INTO tblLogInTest (fldUsername, fldPassword)" . "VALUES ('$username', '$password')";
mysql_query($Query, $dbLink);
}
?>

Please assume that user, thepass, and theDataBase are all valid variables. Furthermore, assume that tblLogInTest is the table into which the login info will go (in particular, fields fldUsername and fldPassword).

Also, are there any security precautions I should take when running such a script?

twist

5:03 am on Feb 13, 2004 (gmt 0)

I'm new to sql too, but see if this works,

$query = "SELECT fldUsername FROM tblLogInTest WHERE fldUsername = '$username'";
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
// The query selects fldUsername, so that is the key present in $row.
$test_for_name = $row[ 'fldUsername' ];

if( $test_for_name == '' ) { /* do insert */ }
else { echo 'message'; }

If the user was already logged in I wouldn't allow them to even see the login screen. So checking to see if they're logged in on this page might not be needed.

slade7

5:51 am on Feb 13, 2004 (gmt 0)

For one thing, you had one too many semicolons in $Query.

I'd do it a little differently. Assuming you know all your users personally, otherwise you need to do a lot of changing to this setup. Look into writing one long script to handle the login, and use a self-submitting form... sanitize the user input too at LEAST as much as below..

You should also encrypt the password to store it, except in your setup you'd need to test it BEFORE posting it to ensure it doesn't have any bad things in it like <?php?>"";''<></table> etc...

<?php
$username = htmlentities($_POST['username'],ENT_QUOTES);
$password = htmlentities($_POST['password'],ENT_QUOTES);

$dbLink = mysql_connect("localhost", "user", "thepass");
mysql_select_db("theDataBase");

$Query = "SELECT COUNT(*) FROM tblLogInTest WHERE fldUsername = '$username'";

$dbResult = mysql_query("$Query");
$rows = mysql_result($dbResult, 0);

if($rows > 0){
echo "Username already in use.";
echo " Please go <a href='LogInTest1.html'>back</a> and log in with a different username.";}
else{

// whatever ya wanna do
}
?>
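
Added example, not part of any post in this thread and not the posters' code: one way to cover the duplicate-username check and the security question from the first post, using PDO prepared statements, a UNIQUE constraint and password_hash(). It assumes PHP 7.1+ with the PDO SQLite driver (an in-memory SQLite database stands in for the thread's MySQL server so the script runs offline); registerUser() and the sample usernames and passwords are hypothetical.

```php
<?php
// Added example. Assumption: an in-memory SQLite database via PDO stands in
// for the MySQL server; with MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The UNIQUE constraint makes the database reject duplicates, so there is no
// gap between a SELECT check and the INSERT for two requests to race through.
$db->exec('CREATE TABLE tblLogInTest (
    fldUsername VARCHAR(64) NOT NULL UNIQUE,
    fldPassword VARCHAR(255) NOT NULL
)');

// Hypothetical helper: returns true when the account was created.
function registerUser(PDO $db, string $username, string $password): bool
{
    $username = trim($username);
    if ($username === '' || strlen($username) > 64 || $password === '') {
        return false;
    }
    // Store a salted one-way hash, never the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO tblLogInTest (fldUsername, fldPassword) VALUES (?, ?)'
    );
    try {
        $stmt->execute([$username, $hash]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate username).
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample input, including a quote that would break string-built SQL.
foreach ([["o'brien", 'pw-one'], ["o'brien", 'pw-two'], ['jd80', 'pw-three']] as [$u, $p]) {
    echo htmlspecialchars($u, ENT_QUOTES), ': ',
        registerUser($db, $u, $p) ? 'created' : 'rejected (in use or invalid)', "\n";
}

// At login, check the submitted password against the stored hash.
$stmt = $db->prepare('SELECT fldPassword FROM tblLogInTest WHERE fldUsername = ?');
$stmt->execute(['jd80']);
var_dump(password_verify('pw-three', $stmt->fetchColumn()));
```

The mysql_* functions used in the posts above were removed in PHP 7.0; PDO or mysqli are the supported replacements. HTML escaping (htmlspecialchars/htmlentities) belongs at output time, as in the echo here, not as a substitute for bound parameters.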