[web] [PHP] Trouble with my login script
Hi,
I won't help you with your code, but here are 2 quite good tutorials about creating a login system in PHP:
PHP Login Script with Remember Me Feature
PHP Login System with Admin Features
Both are written by the same author. The second one is just more advanced version of the first one. The code is rather clean and simple.
Regarding SQL injection - it's not something you should be worrying about at the very beginning, but later you should really take care of that:
SQL Injection Attacks by Example
">A movie!
I don't want to discourage you from learning php, but just take a look at Ruby on Rails [smile]
I won't help you with your code, but here are 2 quite good tutorials about creating a login system in PHP:
PHP Login Script with Remember Me Feature
PHP Login System with Admin Features
Both are written by the same author. The second one is just more advanced version of the first one. The code is rather clean and simple.
Regarding SQL injection - it's not something you should be worrying about at the very beginning, but later you should really take care of that:
SQL Injection Attacks by Example
">A movie!
I don't want to discourage you from learning php, but just take a look at Ruby on Rails [smile]
as Sander said, fix this on line 4
into this:
and this one (line 21, in the code posted above)
into this
Hope it helps. you should also get some editor with syntax highlighting. i'm not recommending dreamweaver, if you don't want to make a living out of web-dev, but there are a lot of free editors out there. They'll help you notice this kind of mistakes, by showing you what's between a string (and you'll have to see what's a string, and what should be code).
best of all,
izua
$errorMessage = ';into this:
$errorMessage = ''';and this one (line 21, in the code posted above)
if ($result['user_id']!=') {into this
if ($result['user_id']!=''') {Hope it helps. you should also get some editor with syntax highlighting. i'm not recommending dreamweaver, if you don't want to make a living out of web-dev, but there are a lot of free editors out there. They'll help you notice this kind of mistakes, by showing you what's between a string (and you'll have to see what's a string, and what should be code).
best of all,
izua
Author
Thank you everyone for your help. ill try to fix up my code tommorow and gret back to you guys with any questions I may have.
Author
Its me again :D. ive finally had time to get back to this. ive updated my code with your suggestions, but im still getting an error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in [login.php]
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in [login.php]
Terradigits, PHP should've also included the offending line number with the error. Could you post that line of code along with the preceding line and the one that follows?
Author
sorry, didnt realize I cut that out. The line number is 20, here is the code:
// check if the user id and password combination exist in database $sql = "SELECT user_id FROM users WHERE user_id = '$userId' AND user_password = '$password'; $result = $result=mysql_fetch_assoc($n); //LINE 20if ($result['user_id']!=') {
here :)
replace this one with:
i'm not sure if you can do this type of associations in php. it might be possible, though. but you just want to get the result from mysql into a variable :)
izua
$result = $result=mysql_fetch_assoc($n); //LINE 20replace this one with:
$result = mysql_fetch_assoc($n); //LINE 20i'm not sure if you can do this type of associations in php. it might be possible, though. but you just want to get the result from mysql into a variable :)
izua
Author
I hate it when I make stupid typos like that :). I really do need to get an editor...
EDIT: hmm I still get the same error
EDIT: hmm I still get the same error
Actually, PHP will should parse that without error believe it or not. What I don't understand is what the $n variable is representing...and you dropped the call to mysql_query. You'll need that to get a valid mysql resource which you would then pass to mysql_fetch_assoc().
The error you're getting is caused by not properly closing the string containing the SQL with a double quote.
Here's the fixed version of the code snippet you provided:
But in all honesty, this seems like your first attempt at PHP and there's many parts of the code which could throw errors and many parts which could be optimized and secured better. I recommend starting a bit smaller like getting through some hello worlds and learning how form data is accessed, etc. Just experiment and get the basics down so that you always understand exactly what's going on.
Then move on to putting it together as a useful application. Also be sure to consult the PHP Manual to learn about all the useful functions PHP offers.
As previously mentioned, a syntax highlighting editer is indispensible. Google "PHP Designer" for the one I use. (it's a free download)
Hopefully this provides some insight...good luck with everything.
The error you're getting is caused by not properly closing the string containing the SQL with a double quote.
Here's the fixed version of the code snippet you provided:
// check if the user id and password combination exist in database $sql = "SELECT user_id FROM users WHERE user_id = '$userId' AND user_password = '$password'"; // closed string w/ double quote $result = mysql_query($result) or die(mysql_error); // get mysql result resource $row = mysql_fetch_assoc($result); //LINE 20if (!empty($row['user_id'])) {But in all honesty, this seems like your first attempt at PHP and there's many parts of the code which could throw errors and many parts which could be optimized and secured better. I recommend starting a bit smaller like getting through some hello worlds and learning how form data is accessed, etc. Just experiment and get the basics down so that you always understand exactly what's going on.
Then move on to putting it together as a useful application. Also be sure to consult the PHP Manual to learn about all the useful functions PHP offers.
As previously mentioned, a syntax highlighting editer is indispensible. Google "PHP Designer" for the one I use. (it's a free download)
Hopefully this provides some insight...good luck with everything.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
