0

I'm trying to build a login page for my forums using Apache and MySQL XAMPP Databases, But it returns the echo string multiple times, I know it goes through all of the rows in the database checking if it's true or not it returns it as "Invalid Username or Password!" until it Finds the correct login information then returns "Welcome" Might be.

while($rows = mysql_fetch_row($result)) {
    //echo $rows;
    if($name==$rows[1]) {
        if($pass==$rows[2]) {
            echo "Welcome!";
        }
    }
    else if ($name!==$rows[1]) {
        echo "Invalid Username or Password!";
        if($pass!==$rows[2]) {
            echo "Invalid Username or Password!";
        }
    }
    $row = $row + 1;
}

Here is my Output:

Invalid Username or Password!Invalid Username or Password!Invalid Username or Password!Invalid Username or Password!Welcome!

How is it done so it returns just the one that is incorrect and correct strings?.

Improve this question
2
  • $row has a integer type but you are using it as a array. EDIT: The last line of code you do $rows = $row + 1. "$row" is never a variable change it to "$rows". So it should be $rows = $rows +1 Commented Oct 6, 2014 at 11:09
  • Don't use the mysql library use mysqli as mysql is depreciated. php.net/manual/en/book.mysqli.php Commented Oct 6, 2014 at 11:50

3 Answers 3

Reset to default
3

I'm going about this from a different perspective. First of all the mysql_* extension is deprecated in as of PHP 5.5.0 and it's use is discouraged.

The next thing is I think you're going the wrong way about this. Why loop through the entire table for credentials when you can just check if there is a record with that username and that password? This is highly inefficient.

$stmt = $mysqli->prepare("SELECT * FROM users WHERE username = ? && password = ?");
$stmt->bind_param("ss", $name, $pass);
$stmt->execute();
$stmt->store_result();
$stmt->close();

// we found a record so the username and password match
if ($stmt->num_rows > 0) {
   echo 'Welcome!';
// no records so either the username or password doesn't match
} else {
  echo 'Invalid Username or Password!';
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Keep your code outside loop for return one row

$rows = mysql_fetch_row($result);
    //echo $rows;
    if($name==$rows[1]) {
        if($pass==$rows[2]) {
            echo "Welcome!";
        }
    }
    else if ($name!==$rows[1]) {
        echo "Invalid Username or Password!";
        if($pass!==$rows[2]) {
            echo "Invalid Username or Password!";
        }
    }
Improve this answer

Comments

0 

use simple code

$sql=mysql_query("select * from `admin_details` where admin_email='$email' and admin_pass='$pass'");
	
if (mysql_num_rows($sql) > 0) {
    echo "Welcome!";
} else {
    echo "Invalid Username or Password!";
}

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.