PLEASE HELP ME!
I started learning some PHP and I know stuff like:

echo, variables, $_POST[""], $_GET[""]

Just simple things, I want to be able to make a login script that

a) Saves user data in file
b) Saves user data in mysql db

PLEASE DONT GIVE ANY EXPERT EXPLANATIONS

Do you think 11 year olds should learn php/cgi ...
Im nearly 12 :)

The sooner the better. I'm fourteen...

Database processes are a bit more difficult, but you'll need them for logins. I believe pyro has already written a script like this that doesn't use a database. Let me go look for the thread, it should be a big help...

[J]ona

Ah, here it is: http://forums.webdeveloper.com/showthread.php?s=&threadid=10856&highlight=guestbook

[J]ona

Thanks, will read the topic.

Guestbook??

my problem is like logging in and then saving some cookie or something and have the password and usernames saved in a file, passwords crypted.

Thanks anyway, I can learn some functions there :)

11....14....geez... I'm an old man who walked to school up hill both ways in the snow.
No I would agree with Jona sooner the better. After all my parents didn't have our first computer in the house until I was 15, and then it got interesting. Yes I am older and older and older. Jeez....married....first kid on the way....jeez. Yes learn it now when your not a pasty old fart like me (22).

ANYWAY....

A lot of times a guestbook is the place to look for this sort of thing. The admin section usually to be more specific. You can also try http://www.php.net/manual/en/features.http-auth.php
. This will you how to get the little window that asks if you to enter a username and password. Nice trick if you don't want to use a html form.
As far as encryption there are multiple things you can do, but it is up to you. You will need to decide first off if you want someone at some point down the road to be able to see the passwords (i.e. you). Or if you do not want anyone to ever see the passwords (i.e. md5 or one way hash).

P.S. Congrats on learning php now. I wish I would have had the chance to learn something like this when I was your age. So that said....keep up the good work. OH....does your name stand for Age of Empires? Dumb question...I know. :eek:

Originally posted by eomer
You will need to decide first off if you want someone at some point down the road to be able to see the passwords (i.e. you). Or if you do not want anyone to ever see the passwords (i.e. md5 or one way hash).I would recommend always encrypting sensative data such as passwords. If you need it to be readable later, you can use mcrypt (http://us2.php.net/mcrypt), but for the most part, you shouldn't be looking at their passwords anyway. The only real reason to use a decryptable encryption would be if you want to be able to mail users lost passwords. But, you can just generate a new password using the one way encryption of your choice, and mail it to the user. They can then log in and change it.

That is esentially what I was saying. I've worked in help desk and technical support services for a while now. You would be surprised at the number of people who lose their passwords...or simply forget them.
The idea here is if he wants to see the password and be able to send it to the user or if he wants to make them give him a new one based on something like md5.

I have a client now who is upset at me because I took the last approach. Even though it is more secure. He wanted to be able to see the passwords etc. The idea I am saying here is to simply decide before you get to the point at which I am. Rewritting code.

yep, the "aoe" in my name is from Age of Empires. But I play Age of Mythology the titans now :D

Back to php:

Would be useful to be able to convert it back, the pages dont need to be "super-protected", its just a user page to send feedback and files etc.

Could someone give me some sample code in the login page?

My stuff is like this:

login.php - Enter details
enter.php - Would rather have login.php?step=2
Thats where I need the code to check for the username and password. I dont know too much about handling files, I know how to open one though. :)

I learned how to send mails with php :D

This is the code from my enter.php page:
btw. Bandit_Raider is my clan name


<html>
<head>
<meta http-equiv="Content-Language" content="en-gb">
<title>:: Bandits Clan Website :: User page ::</title>
</head>
<body background="http://bandits.clans.cc/aom/bg/egypt.jpg" topmargin="0" leftmargin="0" text="#FFFFFF" face="Arial">

<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%" style="background-image: url('http://bandits.clans.cc/users/header.jpg'); border: 2 groove #FFFFFF" height="16">
<tr>
<th width="100%" valign="middle" height="25">
<p align="center"><font color="#FFFFFF" face="Arial" size="4"><b>User page</b></font></p>
</th>
</tr>
</table>
</div>
<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="5"></td>
<td width="849">
<!-- Text here -->
<?php
$user = $_POST["user"];
$pass = $_POST["pass"];
if($user == "Bandit_Raider" and $pass == "abc") {
echo "Logging in as ",$user;
}
//else {
//echo "Failed to log in as ",$user,". Password is wrong or username does not exist!"
// }
?>
<!--/Text here -->
</td>
</tr>
</table>
</div>
<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%" style="background-image: url('http://bandits.clans.cc/users/header.jpg'); border: 2 groove #FFFFFF">
<tr>
<td width="100%">
<p align="center"><font face="Arial">© 2003 Bandit_Raider</font></td>
</tr>
</table>
</div>

</body>
</html>


On a register page the email needs to be saved into the data file. I havn't created the register.php page yet.

I LOVE AOE!!!! :D :D. Haven't played aom :( . However, I like the classic aoe and aoe II :D :D :D.

ANYWAY

I would think using a database would be more secure and easier to work with. Sometimes it's difficult to code in all of the checks that mysql would use. With that said if you have availbility to a mysql server I would use it. Simply why re-create the wheel?

However, if you do not... then the file way is the only way to do it. I would consider if I were you to pick a file type and stick to it. I.e. xml would be great for this type of thing. A little difficult to setup at first, but well worth it down the road.

I am much more familiar with databases so far then files, so it might be a good idea to check out the filesystem functions in the php manual and run from there. Sorry I have done one file, but I prefer dbs... :eek: .

I am planning to use a DB as its safer. I dont understand any of those mysql functions on php.net

The mysql functions are only to the next level. There actual a lot easier then they look and I like'em alot.

First you have to connect to the db:
msql_connect ( [string hostname [, string server [, string username [, string password]]]])

Usually it looks like mysql_connect(localhost, user, password).
Then under mysql you have to indicate to the server which db you want to use so you use mysql_select_db(aoe) or whatever the db is.

From there you would run the queries on the tables to select what you need using msyql_query([query]). It's fairly simple. It just takes getting used to.

Do you have a table in a db setup for this already?

I havnt yet, dont really know what settings to use

The main problem is getting the data from the user and checking. I also need the settings for the table. For registering I need the form to add the data in the form to the table usr_data

Split like this:

[User];[Password];[Email]

EDIT:

How do I change page content based on the page.php?x=x etc??

Do you have a copy of phpmyadmin? If you don't get one. (http://www.phpmyadmin.net) Check to make sure that your control panel (assuming your service provides one) doesn't already have this tool. More and more of them are including this. Great tool. It's a web gui for mysql. Saves a lot of time learning the command-line/sql, but you need to at some point great stuff.

I created a quick table (you will have to create the db). Simple though. If you use phpmyadmin it's on the front page. If you use the sql it's create database [dbname];.

Here is the table:

CREATE TABLE `users` (
`user_id` INT( 14 ) NOT NULL AUTO_INCREMENT ,
`username` VARCHAR( 255 ) NOT NULL ,
`password` VARCHAR( 255 ) NOT NULL ,
`email` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `user_id` )
);


I added a field user_id with an auto increment number. It will make it alot easier if you ever have to delete an account or find it whatever.

Then all you would need for the sql statement to pull up the user/pass is "select * from users where username = '$user' and password = '$password'".

At some point before this you would need to use the mcrypt to encrpt the $password variable before you ran the sql statement or they will not match.

After this just check to see if it returns a row with mysql_num_rows() function to get the number. If it returns one your cooking with gas and can enter the great aoe hideout. If it doesn't then the user entered a wrong user/pass.

That's the basics. If I were you I would do some reading up on all of the important mysql functions. Once you get the hang of it it'll be easy.

Just testing in da page :p

All the text I typed in this box before has evaporated! (However you spell it ;))

HEEELLLPP! IT SHOWS NOTHING :eek:

When you run the query or when?

What step are you on?

Did all you said, look at http://users.bandits.clans.cc/enter.php

Code is this:

<?php //connect to db
mysql_connect(localhost, raider_Raider, ***********)
mysql_select_db(raider_php)
mysql_query(user_data)

mysql_num_rows()

//define variables from form
$user = $_POST["user"];
$pass = $_POST["pass"];
?>

Ok...that's my bad. Sorry.

It needs to be more like:


<?php


$user = $_POST["user"];

$pass = $_POST["pass"];

//You have to get the data first. Then check the db.
//connect to db

mysql_connect(localhost, raider_Raider, ***********) or
die("Connection could not be made.");

mysql_select_db(raider_php) or
die("Could not connect to database.");
$check_user_data = "select * from users where username = '$user' and password = '$password'";
$query = mysql_query($check_user_data)
$num_results=mysql_num_rows($query);

if($num_results == 1)
{
$auth = true;
} else {
$auth = false;
}


?>

Parse error. I am checking to see if I can work it out.

It says the error is in this line:


$num_results=mysql_num_rows($query);

Add a semi-colon to the line above... :)

Oops, stupid question. Didnt think it needed it

INVALID MYSQL RECSOURCE

Yes, in PHP all lines must end in semi-colons. If they don't, it assums the line has not ended. For instance, you can do this:

echo "This
is
some
text!";

Oops.... me...feel stupid :eek: :D

http://users.bandits.clans.cc/enter.php

It gives error I said b4

How do I change content depending on whats after the ?

Instead of enter.php I would like

login.php?step=2

step=1 would be to enter details.

It wouldnt make sense to use an echo etc. in an echo

Ok... First invalid mysql resource. Make sure that you have the table uploaded and that the sql statement matches your table. I am assuming that you are using the one I sent you... make sure that the sql statement is what I posted here.

Next, Pyro, wasn't saying that this was something you could use. He (or she...sorry if she :D) was illustrating that you do not have to end the line at the end of the line. In other words if you do it like he is you do not have to put "; at the end of every line. Vbscript the end of the line...is the end of the line.

I'm not sure what you are talking about enter.php?step=1 or step=2. I looked over your other posts and didn't see this anywhere...unless of course I missed it. I assume that if you know how to use the $_POST variables then you are using the $_GET variables for these. So maybe a little explanation for the old man :D.

Originally posted by eomer
He (or she...sorry if she :D)...He, last I checked... ;)

I used the data that you gave me, exactly like that.

I know how to use the $_GET[""] but dont know how to define if its 1 or 2 and then write the page.

Yes but what are the steps for? I didn't see anything like that in your source, and this is the first that you have mentioned it. Oh, I wasn't trying to insult you sorry if it sounded like that. I was trying to say that I assume if youk now how to use $_POST then you know how to use $_GET. :D...



He, last I checked...
:D ok.

<html>
<head>
<meta http-equiv="Content-Language" content="en-gb">
<title>:: Bandits Clan Website :: User page ::</title>
<style type="text/css">
a { text-decoration: none;}
.btn {background-color: brown; color: #FFFFFF; border: 2 solid #FF0000}
</style>
</head>
<body background="http://bandits.clans.cc/aom/bg/egypt.jpg" topmargin="0" leftmargin="0" text="#FFFFFF" face="Arial" link="#FFFFFF" vlink="#FFFFFF" alink="#FFFFFF">
<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%" style="background-image: url('http://bandits.clans.cc/users/header.jpg'); border: 2 groove #FFFFFF" height="16">
<tr>
<th width="100%" valign="middle" height="25">
<p align="center"><font color="#FFFFFF" face="Arial" size="4"><b>User page
:: Login</b></font></p>
</th>
</tr>
</table>
</div>
<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="854" colspan="2" background="../bggreek.jpg" style="border: 1 groove #FFFFFF"><font face="Arial">&nbsp;</font></td>
</tr>
<?php
$login = '<tr>
<td width="5"></td>
<td width="849">
<form method="POST" action="login.php?step=2">
<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="150" align="center"><font face="Arial">User</font></td>
<td><input type="text" name="user" size="20"></td>
</tr>
<tr>
<td width="150" align="center"><font face="Arial">Password</font></td>
<td><input type="password" name="pass" size="20"></td>
</tr>
</table>
</div>
<p><input type="submit" value="Submit" name="login" class="btn"> <input type="reset" value="Reset" name="reset" class="btn"></p>
</form>
</td>
</tr>
</table>
</div>
'

$login2 = '
<?php $user = $_POST["user"];

$pass = $_POST["pass"];

//connect to db

mysql_connect(localhost, raider_Raider, **) or
die("Connection could not be made.");

mysql_select_db(raider_php) or
die("Could not connect to database.");
$check_user_data = "select * from users where username = '$user' and password = '$password'";
$query = mysql_query($check_user_data);
$num_results=mysql_num_rows($query);

if($num_results == 1)
{
$auth = true;
} else {
$auth = false;
} ?>
'
//content
$page = $_GET["step"]
if ($page == "1"){
echo $login
}

if ($page == "2"){
echo $login2
}

<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%" style="background-image: url('http://bandits.clans.cc/users/header.jpg'); border: 2 groove #FFFFFF">
<tr>
<td width="100%">
<p align="center"><font face="Arial">© 2003 Bandit_Raider</font></td>
</tr>
</table>
</div>

</body>
</html>


See anything??

When its login.php?step=2 then it should show what is in enter.php at the moment.

Ok...now I think I see what you are asking. You want the page to show up with the login form if they have not...and to actually log in if they do...pretty close.
Try this:
<?php
if(!isset($submit))
{
?>

<tr>

<td width="5"></td>

<td width="849">

<form method="POST" action="login.php">

<div align="left">

<table border="0" cellpadding="0" cellspacing="0" width="100%">

<tr>

<td width="150" align="center"><font face="Arial">User</font></td>

<td><input type="text" name="user" size="20"></td>

</tr>

<tr>

<td width="150" align="center"><font face="Arial">Password</font></td>

<td><input type="password" name="pass" size="20"></td>

</tr>

</table>

</div>

<p><input type="submit" value="Submit" name="login" class="btn"> <input type="reset" value="Reset" name="reset" class="btn"></p>

</form>

</td>

</tr>

</table>

</div>

<?php
} else {

$user = $_POST["user"];
$pass = $_POST["pass"];

//connect to db

mysql_connect(localhost, raider_Raider, **) or
die("Connection could not be made.");

mysql_select_db(raider_php) or
die("Could not connect to database.");

$check_user_data = "select * from users where username = '$user' and password = '$password'";
$query = mysql_query($check_user_data);
$num_results=mysql_num_rows($query);

if($num_results == 1)
{
$auth = true;
} else {
$auth = false;
}
?>

<div align="left">

<table border="0" cellpadding="0" cellspacing="0" width="100%" style="background-image: url('http://bandits.clans.cc/users/header.jpg'); border: 2 groove #FFFFFF">

<tr>

<td width="100%">

<p align="center"><font face="Arial">© 2003 Bandit_Raider</font></td>

</tr>

</table>
</div>

<?php
}
?>

This might have some errors in it, but it's just to give you a quick idea. The isset($submit) is based on the form's submit button (easy way of saying it), and if someone clicks it then the variable $submit is set. Which means that if it excepted it then it will show the next page. Now you will have to tweak it to show if the password did not work.

The !isset didnt work.

I changed it to use the login.php?step=2 now, like you did it with the !isset but just instead of the using

if ($_GET["step"] == "" or $_GET["step"] == "1"){
...
}

else {
....
}

Still got that MySQL error:


Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/raider/public_html/users/login.php on line 80


Enter any name/pass in and then it shows that

http://www.bandits.clans.cc/users/login.php?

http://www.bandits.clans.cc/users/login.php?step=2

What happened with !isset? Part of it I can see. The way this code I sent you is designed is that it would be both the login, and the main page...if it lets you in.

Try this in the query "select * from users" and tell me what happens.

Originally posted by eomer
What happened with !isset?Probably global variables (http://www.webdevfaqs.com/php.php#globalvariables)...

Yeah...I'm playing with it now. I found part of it. I put it as !isset($submit)...however I think it's supposed to be !isset($Submit) cause that's what it's named in the form....oops....

I am playing with the code...give me a little bit.

Try:

if (!isset($_POST['login'])) {
//will run in the form has not been submitted
}

No need to sort out the !isset stuff, thanks anyway :D

How do you add data to the fields in the table by webpage?

This block seems to be wrong, I dont understand what the problem could be


$check_user_data = "select * from users where username = '$user' and password = '$password'";
$query = mysql_query($check_user_data);
[GIVES ERROR HERE]$num_results=mysql_num_rows($query);

shouldnt the <<and password="$password">> be <<and password="$pass">>

Thats what has the password in from form

Try changing it...

I did, I put the select * bit in another thing:

$num_results = mysql_num_rows(select * from ......)

It just gives a different error.

I ment to this:

$check_user_data = "SELECT * FROM `users` WHERE `username` = '$user' AND `password` = '$pass'";
$query = mysql_query($check_user_data);
$num_results=mysql_num_rows($query);

Still gives the same error!!??

I edited the code with these ` in and messed around with it but still same prob.

Try something like this to see where it is erroring:

<?PHP
$db = mysql_connect('localhost', 'raider_Raider', 'password') or die(mysql_error());
mysql_select_db('raider_php') or die(mysql_error());

$sql = "SELECT * FROM `users`";
$query = mysql_query($sql) or die(mysql_error());
$num_results = mysql_num_rows($query) or die(mysql_error());
echo $num_results;
?>

Thanks to all of you!!
Thank you...Thanks you again

I just need to look at how to add data. I have sorted out the login now :)

I will try out the rest on my own, how do you save a cookie in PHP? Shall I just use JS?

JavaScript is not enabled for 13% of the web users. I would use PHP.

http://us3.php.net/manual/en/function.setcookie.php

JS...nah just use the stuff from here:
http://www.php.net/manual/en/function.setcookie.php
All you have to do is make sure that it is before the browser sends the headers.

Sorry I haven't responded in a bit. My network was hit my a stinkin' virus that casued all the computers to try and ping the gateway...which of course slowed everything down to a crawl until it stopped and I found it.

nevermind

I have a login class that uses a database with a user table, any database with a user table that has a username/password field. Let me know if you're interested...

P.S. I started using PHP when I was 14 and now that I'm 21 I still use it.. every day, at work ;) I guess you could say it changed my life :P

huh! why are you answering a almost 2 years old post?

huh! why are you answering a almost 2 years old post?

LOL!!

I didn't even look at the date, I was just answering the original post :o

hehe

I know this thread is quite old but hopefully someone will look at it an help me out.

I have read through it and used all the ideas to may my own logon script and database. Now I have run into the same problem as aoeguy did. When I run the following code:


<?php

if (isset ($_POST[submit]))
{
$user = $_POST["user"];

$pass = $_POST["pass"];

//You have to get the data first. Then check the db.
//connect to db

mysql_connect(localhost, CapitalC, waterloo) or die("Connection could not be made.");

mysql_select_db(users) or die("Could not connect to database.");

$check_user_data = "SELECT * FROM users WHERE user = `$user` and pass = `$password`";
$query = mysql_query ($check_user_data) or die ("Error in query: $query. ".mysql_error());

echo $query;

if(mysql_num_rows ($query) == 1)
{
$auth = true;
} else {
$auth = false;
}
echo $auth;
}
else
{
echo "<form action='$_SERVER[PHP_SELF]' method='post'>";
echo "<input type='text' name='user'><br>";
echo "<input type='password' name='pass'><br>";
echo "<input type='submit' name='submit' value='Submit'>";
}

?>

I get an error that says:
"Error in query: . Unknown column 'capitalc' in 'where clause'

I am not sure what this error means or how to fix it. I used phpMyAdmin to make the database, table, fields, and to enter the data into it. My table looks like this:

user_id tinyint(2) UNSIGNED ZEROFILL No auto_increment
user varchar(100) latin1_swedish_ci No
pass varchar(100) latin1_swedish_ci No

With the following test values filled in:

01 capitalc waterloo
02 kiran bellmobility

Thanks for any help you can provide!

Chris [CapitalC]

use backticks [ ` ] around table names, and columns names.

use quotes [ ' ] around values.

Thank you, I seem to be getting somewhere. However with my code like this:

$check_user_data = "SELECT * FROM users WHERE `user` = '$user' and `pass` = '$password'";

I now get this on screen:

Resource id #3

Now I have no idea if this is an error or what the hell it means. Any light that someone could shead on this would be great.

Chris [CapitalC]

that looks fine. What I would suggest is aadjusting your query to this:

mysql_query($check_user_data) or die("Mysql Error: ".mysql_error());

See what that says.

I do have that basic code. But my problem is that instead of outputting True or False as it is supposed to it gives me a blank screen. When I attempt to output the query (useing echo $query) I am presented with "Resource id #31" I have no idea where this is comming from or what it means.

My code as it stands now is:


<?php

if (isset ($_POST[submit]))
{
$user = $_POST["user"];

$pass = $_POST["pass"];

//You have to get the data first. Then check the db.
//connect to db

mysql_connect(localhost, CapitalC, waterloo) or die("Connection could not be made.");

mysql_select_db(users) or die("Could not connect to database.");

$check_user_data = "SELECT * FROM users WHERE `user` = '$user' and `pass` = '$pass'";
$query = mysql_query ($check_user_data) or die ("Error in query: $query. ".mysql_error());

if(mysql_num_rows ($query) == 1)
{
$auth = true;
} else {
$auth = false;
}
echo $auth;
}
else
{
echo "<form action='$_SERVER[PHP_SELF]' method='post'>";
echo "<input type='text' name='user'><br>";
echo "<input type='password' name='pass'><br>";
echo "<input type='submit' name='submit' value='Submit'>";
}

?>

mysql_connect('localhost', 'CapitalC', 'waterloo') or die("Connection could not be made.");

mysql_select_db('users') or die("Could not connect to database.");


use quotes. almost as simple as that underscore problem in the other post. if you do not have the quotes, it is looking for a constant named localhost, etc.

Unfortunately I still recieve the same "Resource id #31" messaege when i try to output the query results.

mysql_connect('localhost', 'CapitalC', 'waterloo') or die ("Connection could not be made.");

mysql_select_db('users') or die ("Could not connect to database.");

$check_user_data = "SELECT * FROM users WHERE `user` = '$user' and `pass` = '$pass'";

$query = mysql_query ($check_user_data) or die ("Error in query: $query. ".mysql_error());

echo $query;

if(mysql_num_rows ($query) == 1)
{
$auth = true;
} else {
$auth = false;
}
echo $auth;

If the query returns nothing the output should be false, if it returns a row it should be True and the row, and if it makes an error it should output the error. However, none of these occur.

As I'm not sure if I'm qualified to be making any suggestions, I was reading the handler & I saw something that made me think (I got a headache from said actions).

Here is a PART of what you typed:

if(mysql_num_rows ($query) == 1)
{
$auth = true;
} else {
$auth = false;
}
echo $auth;


IF I'm reading it right, shouldn't it be:

if(mysql_num_rows ($query) == 1)
{
$auth = true;
} else {
$auth = false;
}
echo '$auth';


I added straight quotes around your $auth variable. Perhaps, when it was trying to echo the variable, it couldn't because the syntax wasn't right? Maybe??? Just an observation. Let me know if I'm WAY off base, so I can learn HOW i was wrong.

echo '$auth'; would simply echo the literal string "$auth" to the browser, not the value contained by the variable $auth. In order to "interpolate" the variable, you would use double quotes: echo "$auth"; .

However, the quotes are not necessary since that is all you are echoing, so the original code should be OK in that respect. You could use quotes for something like this, though:

echo "<p>Result: $auth</p>\n";

As per the manual, mysql_query() returns a resource ID that points to the data set returned by the query. That is the resource ID used by related functions such as mysql_fetch_assoc(). So that "Resource ID 31" or whatever it was is fine - it tells you that something was returned by the query other than a failure.

I suspect that the number of rows retunred != 1, therefore you are echoing a Boolean FALSE, which is equivalent to a null string in this usage.

This is an error...

if (isset ($_POST[submit]))

// That says it is a constant it should be
if (isset($_POST['Submit']))
// Also the "s" in submit needs to be a capital "S"


The mysql_connect error is already addressed

but this is also an error...

echo "<form action='$_SERVER[PHP_SELF]' method='post'>";
// Here again it needs single quotes
echo "<form action=\"$_SERVER['PHP_SELF']\" method=\"post\">";

That would literally output $auth. According to Nogdog who I have seen make this point several times recently, single quotes will not allow variable interpolation. Since I personally escape all my quotes before inserting variables, I never run into this issue.


$test1 = "Hello";
$test2 = "Hi";

echo "$test1";
echo '$test2';

This code would output Hello$test2.

So, if you escape your quotes like below, it should solve the problem:


$check_user_data = "SELECT * FROM users WHERE `user` = '".$user."' and `pass` = '".$pass."'";

That's not escaping your quotes... That is called string concatenation.

Escaping your quotes would be like this...

$string = "Yo yo yo, he said \"It's done like this\" and \"Yup\" is what I said";