10 Replies - 13146 Views - Last Post: 24 November 2011 - 08:31 PM Rate Topic: -----

#1 jppedrinho   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 7
  • Joined: 30-March 11

error with php/mysql database.

Posted 30 March 2011 - 02:28 PM

Hello,

Im making a create account script and a login script in php and mysql database but it have one error:

login:

error:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/me/public_html/login.php on line 15

code:

<?php
$con = mysql_connect("localhost","---","---");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("users", $con);

$user = $POST[user];
$pass = $POST[pass];

$result = mysql_query("SELECT * FROM users WHERE Username='$Username'");

while($row = mysql_fetch_array($result))
  {
  $Username = $row[Username];
  $Password = $row[Password];
  if ($user == $Username) {
    if ($pass==$Password){
      setcookie("user", $username, time()+30);
      header('Location: http://www.---.heliohost.org/online.php');
  }
  }
  else {
    echo "<center>Wrong username-password combination.</center>";
  }
  }
mysql_close($con);
?> 



create account:

error:


Parse error: syntax error, unexpected T_STRING in /home/me/public_html/create_account.php on line

script:

<?php
$con = mysql_connect("localhost","---","---");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("ppfun_users")
or die ("Unable to select database: " . mysql_error());


$sql="INSERT INTO users (Name, LastName, Email, Password, Username"
VALUES ("$_POST[name]","$_POST[lastname]","$_POST[email]","$_POST[pass]", "$_POST[user]");

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
else
  {
  echo "Account created!";
  }

mysql_close($con)
?> 


can someone help me?

thanks!

--pp

Is This A Good Question/Topic? 0
  • +

Replies To: error with php/mysql database.

#2 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3795
  • View blog
  • Posts: 13,738
  • Joined: 08-August 08

Re: error with php/mysql database.

Posted 30 March 2011 - 02:52 PM

Try changing:
$sql="INSERT INTO users (Name, LastName, Email, Password, Username"
VALUES ("$_POST[name]","$_POST[lastname]","$_POST[email]","$_POST[pass]", "$_POST[user]");


to:
$sql="INSERT INTO users (Name, LastName, Email, Password, Username)
VALUES (".$_POST['name'].",".$_POST['lastname'].",".$_POST['email'].",".$_POST['pass'].", ".$_POST['user'].")";


but note that you're asking to be hacked. Look up SQL injection attack and PDO (prepared statments).
Was This Post Helpful? 0
  • +
  • -

#3 JackOfAllTrades   User is offline

  • Saucy!
  • member icon

Reputation: 6246
  • View blog
  • Posts: 24,014
  • Joined: 23-August 08

Re: error with php/mysql database.

Posted 30 March 2011 - 03:28 PM

#3 in the PHP FAQs.
Was This Post Helpful? 0
  • +
  • -

#4 jppedrinho   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 7
  • Joined: 30-March 11

Re: error with php/mysql database.

Posted 30 March 2011 - 04:50 PM

Thanks for answering.

The error of the login script stoped but I continue reciving an error of the create account script:

Parse error: syntax error, unexpected T_STRING in /home/me/public_html/create_account.php on line 13.

Thanks

--PP
Was This Post Helpful? 0
  • +
  • -

#5 jhouns   User is offline

  • D.I.C Head
  • member icon

Reputation: 25
  • View blog
  • Posts: 100
  • Joined: 21-December 09

Re: error with php/mysql database.

Posted 30 March 2011 - 04:58 PM

Try:
$sql="INSERT INTO users (Name, LastName, Email, Password, Username) VALUES (" . $_POST['name'] . "," . $_POST['lastname'] . "," . $_POST['email'] . "," . $_POST['pass'] . ", " . $_POST['user'] . ")";



You weren't including the valid SQL syntax as part of the string. You also weren't using the concatenation operator '.' which i highly reccomend.

This post has been edited by jhouns: 30 March 2011 - 05:18 PM

Was This Post Helpful? 0
  • +
  • -

#6 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3795
  • View blog
  • Posts: 13,738
  • Joined: 08-August 08

Re: error with php/mysql database.

Posted 30 March 2011 - 05:01 PM

Well, from the information given I'm going to guess that you have a syntax error on line 12 or 13. I'm not clairvoyant, so that's about the best I can do with what you've told us.
Was This Post Helpful? 0
  • +
  • -

#7 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3795
  • View blog
  • Posts: 13,738
  • Joined: 08-August 08

Re: error with php/mysql database.

Posted 30 March 2011 - 05:06 PM

View Postjhouns, on 30 March 2011 - 07:58 PM, said:

Try:
$sql="INSERT INTO users (Name, LastName, Email, Password, Username) VALUES (" . $_POST[name] . "," . $_POST[lastname] . "," . $_POST[email] . "," . $_POST[pass] . ", " . $_POST[user] . ")";


While PHP will let you get away with it, you should never leave associative array indexes unquoted. If you want to see the problems this can cause put a line like this anywhere before the query is generated:
define("email", "[email protected]");

Was This Post Helpful? 0
  • +
  • -

#8 jhouns   User is offline

  • D.I.C Head
  • member icon

Reputation: 25
  • View blog
  • Posts: 100
  • Joined: 21-December 09

Re: error with php/mysql database.

Posted 30 March 2011 - 05:17 PM

View PostCTphpnwb, on 30 March 2011 - 05:06 PM, said:

View Postjhouns, on 30 March 2011 - 07:58 PM, said:

Try:
$sql="INSERT INTO users (Name, LastName, Email, Password, Username) VALUES (" . $_POST[name] . "," . $_POST[lastname] . "," . $_POST[email] . "," . $_POST[pass] . ", " . $_POST[user] . ")";


While PHP will let you get away with it, you should never leave associative array indexes unquoted. If you want to see the problems this can cause put a line like this anywhere before the query is generated:
define("email", "[email protected]");

Aha my bad on this one, i always quote them but was checking the thread while working on something else and must have missed them. My bad thanks for catching the mistake :)
Was This Post Helpful? 0
  • +
  • -

#9 jppedrinho   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 7
  • Joined: 30-March 11

Re: error with php/mysql database.

Posted 30 March 2011 - 05:22 PM

View Postjhouns, on 30 March 2011 - 05:17 PM, said:

View PostCTphpnwb, on 30 March 2011 - 05:06 PM, said:

View Postjhouns, on 30 March 2011 - 07:58 PM, said:

Try:
$sql="INSERT INTO users (Name, LastName, Email, Password, Username) VALUES (" . $_POST[name] . "," . $_POST[lastname] . "," . $_POST[email] . "," . $_POST[pass] . ", " . $_POST[user] . ")";


While PHP will let you get away with it, you should never leave associative array indexes unquoted. If you want to see the problems this can cause put a line like this anywhere before the query is generated:
define("email", "[email protected]");

Aha my bad on this one, i always quote them but was checking the thread while working on something else and must have missed them. My bad thanks for catching the mistake :)


Hello jhouns, I tried using your code but it showed the following error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,, ),Resource id #1' at line 2

my code:

<?php
$con = mysql_connect("localhost","ppfun_pp","---");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("ppfun_users")
or die ("Unable to select database: " . mysql_error());


$sql='INSERT INTO users (Name, LastName, Email, Password, Username) VALUES (" . $_POST[name] . "," . $_POST[lastname] . "," . $_POST[email] . "," . $_POST[pass] . ", " . $_POST[user] . ")';

if (!mysql_query("$sql,$con"))
  {
  die('Error: ' . mysql_error());
  }
else
  {
  echo "Account created!";
  }

mysql_close($con)
?> 

Was This Post Helpful? 0
  • +
  • -

#10 amalfra   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 07-September 09

Re: error with php/mysql database.

Posted 24 November 2011 - 12:35 PM

try this :--
change :
if (!mysql_query("$sql,$con"))
to :
if (!mysql_query($sql,$con))

:smile2:
Was This Post Helpful? 0
  • +
  • -

#11 macosxnerd101   User is offline

  • Games, Graphs, and Auctions
  • member icon




Reputation: 12314
  • View blog
  • Posts: 45,412
  • Joined: 27-December 08

Re: error with php/mysql database.

Posted 24 November 2011 - 08:31 PM

Figured I'd add as well that it isn't safe to pass $_GET and $_POST values to queries directly, as it leaves them open to SQL Injection Attacks. Instead, sanitize them using mysql_real_escape_string(). Or better, use Prepared Statements like PDO or MySQLi, which are immune to SQL Injection Attacks.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1