0

I have to query a DB where i stored credentials for login (for homework). This is my php code but it's not working.

<?php
$user = "cardatabase";
$password = "";
$host = "";
$database = "my_cardatabase";
$connession = mysql_connect($host, $user, $password);
mysql_select_db($database, $connession);


$id = $_REQUEST['id'];
$password = $_REQUEST['password'];

$query = "select Password
          from Client
          where IDClient = '".$id."'";
$result = mysql_query($query, $connession);

echo $result;

            if ($result == $password) {
                echo ok;
            } else {
                echo error;}
mysql_close();
?>

I tried to print the value coming from my html page and it's correct, so there should be a problem with this code but i can't figure it out.

Improve this question
2
  • I assume that the IDClient is of numeric type so you have extra quote around the $id. Commented Feb 16, 2014 at 16:55
  • it's alphanumeric, what should the correct quotation be? Commented Feb 16, 2014 at 17:02

4 Answers 4

Reset to default
1

replace the code

mysql_select_db($database, $connessione);

to

mysql_select_db($database, $connession);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

change the following code ::

<?php     
  $connession = mysql_connect($host, $user, $password) or die( mysql_error() . " <br/> could not connect to server");
  mysql_select_db($database, $connessione) or die( mysql_error() . " <br/> could not connect datbase");


  $id = $_REQUEST['id'];
  $password = $_REQUEST['password'];

   $query = "select Password
      from Client
      where IDClient='{$id}'";

   $result = mysql_query($query, $connession) or die(mysql_error());

   if( mysql_num_rows($result) > 0 )  {
       $row = mysql_fetch_array($result) or die(mysql_error());

       $dbPassword = $row['Password'];
       if( strcmp($password, $dbPassword) == 0 )  {
           echo "ok";
       }
       else {
           echo "Error";
       }
   }
   else {
       echo "error";
   }

   mysql_close();
?>
Improve this answer

Comments

0

You have an extra e on the end of your second variable name on the following line:

mysql_select_db($database, $connessione);
Improve this answer

Comments

0

First problem:

$connession = mysql_connect($host, $user, $password);
mysql_select_db($database, $connessione);

You have an extra e, so that should be:

mysql_select_db($database, $connession)

Second problem: mysql_query returns a resource - you need to do something like:

$result = mysql_query($query, $connession);
$rows = mysql_fetch_assoc($result);
echo $rows[0]['password'];
Improve this answer

2 Comments

it prints nothing, meaning query was unsuccessful? anyway the connession/e was my misprint is this question on the .php it was correct
echo $rows[0]['password']; should actually be echo $rows[0]['Password'];

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.