|
|
Posted by Geoff Berrow on 11/18/38 11:43
Message-ID: <1143380252.455408.289030@e56g2000cwe.googlegroups.com> from
comp_guy contained the following:
>i was hope someone would know my failings! here is my code:
I hope this isn't coursework... And please, do not multipost, I've a
feeling I've already answered some of this elsewhere.
>
><?php
>
>$connection = mysql_connect("sentinel.cs.cf.ac.uk","scm5sjc","my
>password here");
>
>$password=$_POST['password'];
Arrrgh!! I know I corrected this!
$password=mysql_real_escape_string($_POST['password']);
>
>mysql_select_db("sjcdb",$connection) or die("failed!");
>
>$sql = mysql_query("SELECT * FROM users WHERE password = '$password'");
this should be
$sql = "SELECT * FROM users WHERE password = '$password'";
>
>$result = mysql_query($sql)or die(mysql_error());
>
>$rows = mysql_num_rows($result);
$rows will contain the number of rows
>
>if ($rows){
I think I'd prefer
if($rows>0){
>
> if ($password == $row[9]){
What's this for? $rows is not an array and doesn't magically contain
the password. You just checked if there was a row with a password so
this is not doing anything
Try again.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Navigation:
[Reply to this message]
|