Php Sql Problem

Forum Moderators: coopster

Message Too Old, No Replies

Php Sql Problem

Please desparate

Jonramshaw

6:29 pm on Sep 3, 2009 (gmt 0)

Okay I am new to forum posting but need some help .. when using user defined variables to query the database ..and approve session status .. why wont the query execute when posted as such

$name =$_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
if (isset( $name ) && isset($pass)) {

// the query

$query = "SELECT name, password FROM Admin WHERE
Name = '".$name."' AND
Password = '".$pass."'"; ?

coopster

7:46 pm on Sep 3, 2009 (gmt 0)

Welcome to WebmasterWorld, Jonramshaw.

You are checking to see if the variable is set ... and you just set it in the statement prior :) Something like this may serve you better.

$name = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : ''; 
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : ''; 
if ($name && $pass) {

andrewsmd

9:25 pm on Sep 3, 2009 (gmt 0)

I think I answered this somewhere else but try this
$query = "SELECT name, password FROM Admin WHERE
Name = '".$name."' AND
Password = '".$pass.";'";

Don't forget to echo you query to see what the actual query text is. i.e.
echo($query);

You can also change your if statement to
if ($name !="" && $pass!= "") {

Since you are setting them, if they are null PHP will set them to ""

Jonramshaw

1:48 pm on Sep 9, 2009 (gmt 0)

Okay guys I managed to get the authentication working using
in test, in live however,
<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"

$dbuser="user";
$dbpass="password";
$dbname="pharma"; //the name of the database
$connect = mysql_connect("localhost", $dbuser, $dbpass)
or die("Connection Failure to Database");
mysql_select_db($dbname, $connect) or die ($dbname . " Database not found. " . $dbuser);

$auth = false; // Assume user is not authenticated
$name =$_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
if ($name !="" && $pass!= "") {

// the query

$query = "SELECT name, password FROM Admin WHERE
Name = '$name' AND
Password = '$pass'";

// Execute the query and put results in $result

$result = mysql_query( $query )

or die ( 'Unable to execute query.' );

// Get number of rows in $result.

$num = mysql_numrows( $result );

if ( $num != 0 ) {

// A matching row was found - the user is authenticated.

$auth = true;

}

if ( ! $auth ) {

header( 'WWW-Authenticate: Basic realm="Pharmacy Admin"' );
header( 'HTTP/1.0 401 Unauthorized' );

} else {

session_register('authorised');
header("location:sucess.php?title=go");

}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
<link href="../../../../css/1.css" rel="stylesheet" type="text/css" />
<style type="text/css">

</style>
</head>

<body>
<div id="header3">
<div align="center">
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p><h2><?php echo "Authorization Required"; ?></h2></p>
<p> </p>
<p class="style1">The details you entered are incorrect <a href="../../../../index.php">click here</a> to return to the home page</p>
</div>
</div>
</body>
</html>

when I change the values to reflect the remote server, i get the "failed to execute query" message.

There is nothing wrong with the db, i can use it to make tables slightly different way on other pages that use an include connection.php which work fine in test and live.

Once again many thanks in advance

Jon

Php Sql Problem

Please desparate

Jonramshaw

coopster

andrewsmd

Jonramshaw

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week