[RESOLVED] Reading and validating user from SQL database table.

Hello, I've been pulling my hair!!!! :confused: I've done this with a site that's online and works and pretty much copy/pasted that code into this application; and yes I've changed the variable/field names of the involved tables and files. However, it's not working... If you could please look and see if I'm missing something really stupid!

Thank You,
Barrie

Edit: I've echo'ed $techno and it's being passed correctly and is in the 'user' table. I'm running Ubuntu 8.04 / Apache 2.2.8 / PHP 5.2.4

PHP Code:

<?php session_start(); echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">"; echo "<html>"; echo "<head>"; echo "<title>Password Check</title>"; echo "<meta http-equiv=\"content-type\" content=\"text/html; charset=iso-8859-1\" />"; echo "<meta name=\"generator\" content=\"Emacs\"/>"; echo "</head>"; echo "<body>"; /* We have a techno. */ $techno = $_POST['techno']; /* Connect to the database and open the tables */ $hostname="xxxxxxxxxx"; $username="xxxxxxxxxx"; $password="xxxxxxxxxx"; $dbname="xxxxxxxxxx"; mysql_connect($hostname, $username, $password) OR DIE ("Unable to connect to database! Please try again later."); mysql_select_db($dbname); /* Get the user data */ $sql = "SELECT * FROM users WHERE techno = '$techno'"; $result = mysql_query($sql); while($row = mysql_fetch_row($result)) { $ndx = $row[0]; $name = $row[1]; $pword = $row[2]; $techno = $row[3]; } /* Close the database connection */ $sql = mysql_close(); /* Check if registered user; i.e. if $name is "" then no user found. */ if ($name == "") { include 'badpass.php'; exit(); } /* User is valid, save the techno */ $_SESSION['techno'] = $techno; include 'index-go.html'; echo "</body>"; echo "</html>"; exit(); ?>

Hmn, try this:

PHP Code:

<?php session_start(); define('DEBUG', TRUE); echo <<<MYHTML <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Password Check</title> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <meta name="generator" content="Emacs"> </head> <body> MYHTML; if(DEBUG) echo "<pre>"; if(isset($_POST['techno'])){// submitted info $techno = $_POST['techno']; if(DEBUG) echo "techno submited: {$techno}\n\n"; $hostname="xxxxxxxxxx"; $username="xxxxxxxxxx"; $password="xxxxxxxxxx"; $dbname="xxxxxxxxxx"; mysql_connect($hostname, $username, $password) OR die("Unable to connect to database! Please try again later."); mysql_select_db($dbname); $sql = "SELECT * FROM `users` WHERE `techno`='{$techno}'"; $result = mysql_query($sql); if(DEBUG) print "\nQUERY: \n" && var_dump($sql, mysql_error()); if(mysql_num_rows($result)){// one or more rows while($row = mysql_fetch_row($result)) { $ndx = $row[0]; $name = $row[1]; $pword = $row[2]; $techno = $row[3]; if(DEBUG) print "\nA ROW: \n" && var_dump($row); } $_SESSION['techno'] = $techno; include 'index-go.html'; }else{ include 'badpass.php'; } mysql_close(); } if(DEBUG) echo "</pre>"; echo "</body> </html>"; exit;

It's not very different, I've just added some debug, which should be helpful (just edit the define of debug when you have found your probelm by setting it to FALSE for off).

Thank you Scragar! This is most puzzling... I added a line in the query loop where it would print out the variables and the code is reading the user table and then it all falls to s*** on the test for a NULL user name. This app. isn't a security issue of any kind but this check precludes the tech.'s from entering a typo when they update their customer records. That could be a mess later...

I'll give it a break for a bit... :eek:

Barrie

Edit: I even changed the query to SELECT * FROM users and setting a flag when the variables matched, still no go!

Gottit! I had the field type set to TEXT and my techno had no.'s in it. :o

Barrie