How do i change the $username and $password variables to call username & pass.

General PHP Help
#1

We are trying to build a login system for a PHP CMS. At the moment, there is one record in an Access database called ‘Administrator’ which contains one user record with AutoNumber ID ‘1’, username ‘admin’ and password ‘password’. When testing the login page using this username and password, we always get the ‘Wrong Username and Password’ error and we aren’t sure why. We believe the problem is in the variables.

[php]<?php
session_start();
require ‘DBConn.php’;
$db=@odbc_connect($dbconn,’’,’’)
or die("connect error: ".odbc_error());

// get passed parameters
$username=trim(stripslashes($_POST[‘username’]));
$password=trim(stripslashes($_POST[‘password’]));

$sql=“SELECT * FROM Administrator WHERE username=’$username’ and password=’$password’”;

// prepare and execute in 1 statement
$result=odbc_exec($db,$sql)
or die ("result error ".odbc_error().’-’.odbc_errormsg());

// if no result: no rows read
if (!odbc_fetch_row($result)) {
die(“Wrong Username or Password”);

// else: all is okay
} else {
$_SESSION[‘username’]=$username;
$_SESSION[‘password’]=$password;
header(“location:login_success.php”);
}
odbc_close($db);
?>[/php]

#2

Well, how did you debug this so far? A hint on debugging PHP code. It is a simple process to just display your variables and usually this will show where the error has occurred. So, this is what I suggest…

First, at line 12 add this line: die($sql);

What this will do is simply display your query as it is passed to the SQL server.
This will tell you if you are asking the correct query or not.

Since the function “odbc_fetch_row” returns zero output, you must be sending something bad in
the query. You can test the output of the “DIE” command in your MySQL control panel by posting the
query manually and it will give you the correct error.

Most likely it is a difference in what is stored and what it being asked for. Are you sure that the data
inside the database has been “TRIMMED” as you have in your code? Perhaps there is a space at the
end of one of the entries?

Well, let us know if that locates the error for you. Good luck…

Sponsor our Newsletter | Privacy Policy | Terms of Service