PHP Programming > Beginners - Learning PHP

If statement always executes, even when it shouldn't

(1/1)

malicious:
Can anyone point out to me why this keeps displaying the html located inside of if ( $auth = true ){}, even if wrong username/password combinations are used?  I'm sure it's something easy.  I just can't see it.



--- Code: ---<?php 

$auth = false; 
$user = $_POST['sn'&#93;;
$pass = $_POST['pw'&#93;;
if &#40;isset&#40; $user &#41; && isset&#40;$pass&#41;&#41; &#123; 

    
   $db = mysql_connect&#40; 'localhost', 'users', '*****' &#41; 
        or die &#40; 'Unable to connect to server&#46;' &#41;; 

    

    mysql_select_db&#40; 'pwtbl', $db &#41; 
        or die &#40; 'Unable to select database&#46;' &#41;; 

    

    $sql = "SELECT * FROM pwtbl WHERE 
            txt_Screename = '$user' AND 
            pw_pass = '$pass'"; 

   

    $result = mysql_query&#40; $sql &#41; 
        or die &#40; mysql_error&#40;&#41; &#41;; 

    

mysql_close&#40;&#41;;

    &#46; 

    $num = mysql_numrows&#40; $result &#41;; 

    if &#40; $num != 0 &#41; &#123; 

         

        $auth = true; 

    &#125; 

&#125; 

if &#40; $auth = true &#41; &#123; 
echo '

A bunch of html

'; 
    

&#125; 

else &#123; 
echo 'Authorization Required&#46;'; 
    exit; 

&#125; 

?>
--- End code ---

drewbee:
Weird... try doing this for me and see what it does..

   if ( $num > 0 ) {

         

        $auth = true;

    }

kcomer:
Your if statement says if $auth = true, that shoyuld really be $auth == true. Notice the double equal signs.

Keith

Navigation

[0] Message Index