Any PHP guru's out there?
|
|
Anyone have any clue as to why this would throw up the Fail tag, every time;
<html> <body>
<form action="databaseniz.php" method="post"> Name: <input type="text" name="login" /><br> Password: <input type="password" name="password" /><br>
<input type="submit" /> </form>
</body> </html>
<?php session_start(); $link = mysql_connect("localhost", "root", "password"); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db("my_db"); if(!$db) { die("Unable to select database"); } $login = $_POST['login']; $password = $_POST['password']; if(!$login || !$password) { echo "Error"; session_write_close(); exit(); } $qry="SELECT * FROM Username WHERE Name='$login' AND Pass='$password'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) > 0) { echo "Success"; session_write_close(); header("home.html"); exit(); } else { echo "Fail"; //THIS LINE ALWAYS IS SHOWN exit(); } } else { $qry2="INSERT INTO Username VALUES Name='$login' AND Pass='$password'"; $result2=mysql_query($qry2); if($result2) { echo "Created"; } header("2.html"); } ?>
|
Your use of sessions also confuses me, as they don't appear to be... used. You're not assigning anything to $_SESSION, so it seems a bit pointless. (On that note, you're also not hashing the users passwords. You should -always- hash a users password, never store it in your database in plain text.)
Your assignment of the database to a variable is unnecessary unless you intend to connect to several databases at once. You can perform the same check with this:
exit() and die() are one in the same. You can print stuff to the user with it just as the script dies. echo("omg"); die(); is the same as die("omg"); or exit("omg");
Your error itself could be related to MySQL. Instead of printing "Fail", try printing something like:
die("Fail: " . mysql_error());