2 Replies - 200 Views - Last Post: 22 May 2013 - 07:58 PM Rate Topic: -----

#1 msz_900  Icon User is offline

  • New D.I.C Head

Reputation: -2
  • View blog
  • Posts: 32
  • Joined: 09-February 11

login error

Posted 22 May 2013 - 07:05 PM

hy to every one.
there is an error in my login page, when the user enter correct pass then it will not show any page, please see what is the error.

<?php
$username=$_POST['user'];
$password=$_POST['pass'];
//$host='localhost';
$user='root';
$pass='';
/* Connect to an ODBC database using driver invocation */
$dsn = 'mysql:host=localhost;dbname=login';
$dbh = new PDO($dsn, $user, $pass);
    if (empty($username)===true && empty($password)===true)
    {
        print("Username and password cannot be empty.");
        header("Location: form.php");
        }
        if(empty($username)===true||empty($password)===true)
        {
            echo " must fill both the field";
            header("location:form.php");
        }
        $res = $dbh->query("SELECT *  FROM users WHERE Username = '$username'& Password='$password'");
        $res->execute(array(
	':username' => $_POST['user'],
	':password' => hash('sha512',$_POST['pass'])
));
$check = $res->fetch();
if ($check) {
  header("location:aces.html");
}
        else
        {
$sql = "INSERT INTO users (Username,Password) VALUES (:username,:password)";
$q=$dbh->prepare($sql);
$q->execute(array(':username'=>$_POST['user'],':password'=>hash('sha512',$_POST['pass'])));
$count=$q->rowCount();
}





    /*$count = $dbh->exec($sql);
    $sql=null;
    if($count !== false) echo 'Number of rows added: '. $count;
    if ($sql) {
	echo 'Inserted: ' . $dbh->lastInsertId();
    
}*/

	
    
  	

?>



Is This A Good Question/Topic? 0
  • +

Replies To: login error

#2 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2836
  • View blog
  • Posts: 9,741
  • Joined: 08-August 08

Re: login error

Posted 22 May 2013 - 07:14 PM

Check your error log file. What doe it show?
Was This Post Helpful? 0
  • +
  • -

#3 Atli  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3637
  • View blog
  • Posts: 5,764
  • Joined: 08-June 10

Re: login error

Posted 22 May 2013 - 07:58 PM

These lines don't make a whole lot of sense:
$res = $dbh->query("SELECT *  FROM users WHERE Username = '$username'& Password='$password'");
$res->execute(array(
   ':username' => $_POST['user'],
   ':password' => hash('sha512',$_POST['pass'])
));


You prepare the query, but inject the values into the SQL statement the old fashion way, and then you go on to try to bind the same values to that statement using non-existent placeholders. - Something there is being lost in the translation between old MySQL API code and the PDO prepared statement code you are using.

Look at your INSERT statement later in that code. That's how this should be done.


Also. There is a bit difference between the bitwise AND operator (&) and the logical AND operators (&& or AND). In the context of grouping WHERE conditions, you usually want to be using one of the logical operators.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1