I'm attempting to use multiple ANDs in this query below, and it messes up the password every time when I attempt to use my login feature. Code below.

    // this is my problem, right here
    $result = mysql_query("SELECT username, password, FirstName FROM members 
                            WHERE username='$myusername' 
                              AND password='$mypassword' 
                              AND  FirstName = '$firstname'");

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row

    if($count==1){
        // Register $myusername, $mypassword and redirect to file "login_success.php"
        session_start();
        $_SESSION['myusername'] = $myusername;
        $_SESSION['mypassword'] = $mypassword;
        $_SESSION['firstname'] = $firstname;
    }

EDIT:

SQL Query:

Table Name: members

username | password | FirstName | LastName
johndoe  | deers    | John      | Doe

PHPMyAdmin tells me it returned zero rows when I run it there.

  • How does it mess it up? What does " it messes up the password every tim" mean? Commented Jul 8, 2010 at 19:31
  • How is the password being messed up? I don't see a problem with the query... also, why are you storing user's passwords in the session..? That doesn't seem safe... Commented Jul 8, 2010 at 19:31
  • What do you mean by "messes up the password"? Commented Jul 8, 2010 at 19:32
  • Bisko- sorry, every time I try to login, it just gives me my wrong password error. I think it's tacking on the FirstName to password or something. Commented Jul 8, 2010 at 19:32
  • There may be several issues with your code involving SQL injection that others will probably also bring up. First, however, let's focus on what's going wrong. Print out your SQL query so we can see if there is anything wrong with it (use a dummy password). You can also run this query by itself in phpMyAdmin to see if it actually returns anything. Commented Jul 8, 2010 at 19:33

2 Answers

A) Don't store the password in memory at all

B) Hash the password

C) There's no reason to filter where FirstName = anything if you're already filtering by username and password. Are you asking the user for their username, password and FIRST NAME when they log in? Where are you getting that variable from? Are usernames not unique or something?

7 Comments

A) Yes I know B) I will be doing this, no worries C) No, but I want to access the FirstName and all of the other data in that row after they login. That's my main question. Thanks for the help so far!
You are already getting everything in the row in the SELECT query. The question still remains: why filter on FirstName?
You can still select FirstName without filtering by FirstName.
Well I just don't know how to set FirstName of the user to a $variable. I want to print it out and such!
I hope I'm mistaken here... but do you think that your WHERE clause is assigning those variables? Because it isn't. You have to fetch the row and iterate over the result and assign those variables.
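
What the answer above and its comments describe (hash the password, filter on username only, fetch the row to read FirstName), as an added example that is not code from the original thread. It assumes PHP 7.1+ with the pdo_sqlite extension and a constructed in-memory table; `login()` is a hypothetical helper name.

```php
<?php
// Added example: constructed in-memory table standing in for `members`.
// Assumption: pdo_sqlite is available; a real app would use its MySQL DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The password column holds a password_hash() value, never plaintext.
$db->exec('CREATE TABLE members (
    username  TEXT PRIMARY KEY,
    password  TEXT NOT NULL,
    FirstName TEXT,
    LastName  TEXT)');

// Constructed sample row matching the one shown in the question.
$ins = $db->prepare('INSERT INTO members VALUES (?, ?, ?, ?)');
$ins->execute(['johndoe', password_hash('deers', PASSWORD_DEFAULT), 'John', 'Doe']);

/**
 * Hypothetical helper: returns the member's profile on success, null otherwise.
 * Filters on username only; FirstName is read from the fetched row.
 */
function login(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT username, password, FirstName, LastName
           FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same return value for an unknown user and a wrong password.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);   // the hash does not leave this function
    return $row;
}

$user = login($db, 'johndoe', 'deers');               // correct credentials
var_dump($user['FirstName']);
var_dump(login($db, 'johndoe', 'wrong'));             // wrong password
var_dump(login($db, "johndoe' OR '1'='1", 'deers'));  // quote characters stay data

// In the login page, after session_start():
//   $_SESSION['myusername'] = $user['username'];
//   $_SESSION['firstname']  = $user['FirstName'];
// The password is not placed in the session.
```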

If I understand the problem correctly, you should check that you type the case of the username, password and FirstName correctly (meaning the values which you check in the database).

If you want to make it case insensitive you should use LIKE.

Also if this comment is right

// If result matched $myusername and $mypassword, table row must be 1 row

This means that you shouldn't even check for FirstName in the first place?

Also if you can give sample data, this would help a lot!

8 Comments

I've never seen any remotely modern DBMS compare text case-sensitively in a VARCHAR or CHAR column. If yours does, it's broken and should be replaced with something from the past 20 years.
@cHao: I have, Oracle. It depends on the collation - some DB's set per table (and possibly column?), otherwise database wide.
@OMG Ponies: And...this is the point where I say "Well then, Oracle needs to be taken out back and shot." Or maybe just the DBAs do.
@cHao: You missed the part about the collation being key, not the vendor.
@cHao: That is your belief, not fact - MySQL, the default collations (latin1 and latin1_swedish_ci) are case insensitive: dev.mysql.com/doc/refman/5.1/en/case-sensitivity.html These are not "languages", per se.