SELECT FROM and restriction clause

Forum Moderators: coopster

Message Too Old, No Replies

SELECT FROM and restriction clause

mclethe

8:45 pm on Jul 18, 2006 (gmt 0)

Hi,

I wonder if there is really no possibility to use the
restrictive clause "if... else" when using the SELECT FROM
to login already registred members.
Does anybody knows what I mean?
Hereafter the php-page:

@mysql_connect($dbhost,$dbuser,$dbpass) or die("La Connexion a échouée"); @mysql_select_db($dbbase) or die("La Base $dbbase n'existe pas");
$result = mysql_query("SELECT id, login, mdp FROM DB WHERE login='".$_GET["login"]."' AND mdp='".$_GET["mdp"]."'")
or die ("error! this is not your login");
if(mysql_num_rows($result)>0)
{
list() = mysql_fetch_row($result);
?>

... follows the html party ...

</body>
</html>

<?php
}
else
echo "error, why don't you write in?";

The page is displayed as if nothing were wrong! But, of course, should only when the user has correctly logged in.
Can anyone maybe help?

Would be great, thanks in advace,

mcLethe

Scally_Ally

8:40 am on Jul 19, 2006 (gmt 0)

I dont completely understand..
When i do a login it goes a little somethin like this..

$query = "SELECT * FROM administrators";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_assoc($result)) {
if($row["user_name"] == $_POST['username'] && $row["pass_word"] == $_POST['password']){
$_SESSION['admin'] = true;
header("location:index.php");
}
}

if(isset($_SESSION['admin']) == false){
header("location:login.php");
}

this does pretty much the same as what yours does except that it redirects to a page that handles failed logins, instead of just echoing to the page. It also stores a session variable as to whether the user is an administrator.

There a a couple of other things you should do like set all your comparison strings to upper case when comparing and also to validate for sql injections etc..

mclethe

9:37 am on Jul 19, 2006 (gmt 0)

Thanks a lot, I will try it.

mclethe

1:17 pm on Jul 19, 2006 (gmt 0)

Scally_Ally,

It works perfectly adding the session variable,
which gives something extremely simple and interesting if you are not fond of to storing 100'000'000 sessions in your DB!

Another question: Have you some experience in PHP/AS?
I am looking for someone who could really explain me
the basic client-side script of a AS-form as I have the
impression, slowly, that I make a basic mistake.

Would be great if I could get some help, seriously..
Thanks a lot,

mcLethe

Scally_Ally

1:29 pm on Jul 19, 2006 (gmt 0)

I dont really know what AS-form is..?
Are they just like HTML forms?.. I really dont know sorry, i just use html and php together and i achieve everything i need in this way.
Ally

mclethe

4:44 pm on Jul 19, 2006 (gmt 0)

Oh, sorry, I didn't vanish bothering you, I meant
Action Script for AS.

Scally_Ally

8:09 am on Jul 20, 2006 (gmt 0)

argh right... i see..
Yes i do alot of mixing of AS and PHP. There is one class with three functions that you might want to look into witin actionscript. The LoadVars class.
1. LoadVars.load( url )
2. LoadVars.send( url [, target, method ] )
3. LoadVars.sendAndLoad( url , targetObject [ ,method ] )
check em out in the actionscript dictionary, this is where all the stuff happens for gettin the data in and out of your swf.

[edited by: Scally_Ally at 8:09 am (utc) on July 20, 2006]