mysql - PHP login code error with mysql_query() -

-

i've been following login system tutorial. can find here. there 2 parts of coding c# , php. c# part working fine php part returning error. here php code:

<?php      $servername = getenv('ip');     $username = getenv('c9_user');     $passwordp = "";     $database = "game_database";     $dbport = 3306;      // create connection     mysql_connect($servername, $username, $passwordp, $dbport)or die("cant connect server");     mysql_select_db($database) or die("cant connect database");     // check connection   $email = $_request["email"]; $password= $_request["password"];  if (!$email || !$password){     echo"email or password must used"; } else{     $sql = "select * 'users' email = '"  . $email ."'";     $result_id = @mysql_query($sql) or die("database error");     $total = mysql_num_rows($result_id);     if ($total){         $datas = @mysql_fetch_array($result_id);         if (strcmp($password, $datas["password"])){                     $sql2 = "select characters users email = '" . $email ."'";                     $result_id2 = @mysql_query($sql2) or die("database error!!!");                     while ($row = mysql_fetch_array($result_id2)){                         echo $row ["characters"];                         echo ":";                         echo "success";                     }         }         else{             echo "wrongpassword";         }         }else {             echo "namedoesnotexist";         }     }  ?>

it seems error comes $result_id i'm not sure?

you true, error $result_id, because sql statement has problem , there stuff fix.

you have put users table in 2 single quotes, wrong.

your code is:

$sql = "select * 'users' email = '"  . $email ."'";

it should out quotes:

$sql = "select * users email = '"  . $email ."'";

you have wrote:

if ($total){

it should check how many users record found, typically should find 1 record , return 1, therefore change to:

if ($total == 1){

note1: when said, not mean code perfect, should further develop code fulfill nowadays requirement. suggest think of password hashing, use mysqli or pdo in sted of mysql , input sensitization. suggest @ link describes of things mentioned.

note2: able write total solution mysqli/pdo etc, wanted point errors have catch far in code can learn mistakes , develop self.

and in general read security principles, check page.

link1: http://www.wikihow.com/create-a-secure-login-script-in-php-and-mysql

link2: https://www.owasp.org/index.php/category:owasp_top_ten_project


Comments

Post a Comment

Popular posts from this blog

php - Zend Framework / Skeleton-Application / Composer install issue -

-
i trying create zend framework application using skeleton in netbeans. when run composer install, following error message: "c:\php\php.exe" "c:\composer\composer.phar" "--ansi" "--no-interaction" "update" "--dev" using deprecated option "dev". dev packages installed default now. loading composer repositories package information updating dependencies (including require-dev) requirements not resolved installable set of packages. problem 1 - package requires php >=5.5 php version (5.4.42) not satisfy requirement. problem 2 - installation request zendframework/zendframework 2.5.1 -> satisfiable zendframework/zendframework[2.5.1]. - zendframework/zendframework 2.5.1 requires php >=5.5 -> php version (5.4.42) not satisfy requirement. done. apparently, zend framework only needs php 5.3+ contradicts above. need use php 5.4. my composer.json following: { "name": "
Read more

c# - Better 64-bit byte array hash -

-
i need hash algorithm produces 64-bit hash code ( long ) fewer collisions string.gethashcode() , fast (no expensive calls cryptographic functions). here's implementation of fnv still shows 3% of collisions after testing 2 million random strings. need number way lower. void main() { const string chars = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz!#@$%^&*()_+}{\":?><,./;'[]0123456789\\"; const int n = 2000000; var random = new random(); var hashes = new hashset<long>(); int collisions = 0; for(int = 0; < n; i++) { var len = random.next(chars.length); var str = new char[len]; (int j = 0; j < len; j++) { str[j] = chars[random.next(chars.length)]; } var s = new string(str); if(!hashes.add(get64bithash( s ))) collisions++; } console.writeline("collision percentage after " + n + " random strings: " + ((doubl
Read more

python - PyCharm Type error Message -

-
i'm newbie trying out ml/dbn in python (3.4) under pycharm (comm.ed 4.5). following definition def make_thetas(xmin,xmax,n): xs = np.linespace(xmin,xmax,n) widths = (xs[1:] - xs[:-1])/2.0 thetas = xs[:-1] + widths return thetas throws error "class 'tuple' not define ' sub ', '-' operator cannot used on instance" on - operator on third line (widths = ....) ideas on how code running under pycharm - works alright in interactive python window. thx. to all, after g'g lot have found workaround seems work within pycharm. workaround because (even python newbie) expected python not need explicit typecasting, not when using datatypes imported lib such numpy. def make_thetas(xmin,xmax,n): xs = np.array(np.linspace(xmin,xmax,n)) widths = (xs[1:] - xs[:-1])/2.0 thetas = xs[:-1]+ widths return thetas using docstrings type-hinting such below did not work def make_thetas(xmin,xmax,n): "&q
Read more