need help with login script

i have this script for login but all i am getting is a blank screen
you login with an email addy if wrong should go to wrong page

here is what i have

<?php

include("connectdb.php"); 

$rResult = mysql_query( 
   sprintf(        
   "SELECT * FROM register WHERE email = '%s' LIMIT 1",        
   mysql_real_escape_string($_POST['myemail'])    
   )
   );
   if(1 !== mysql_num_rows($rResult))
   {    
   header('Location: wrong.php');    
   exit;
  }

$aRecord = mysql_fetch_assoc($rResult);
 printf(    
   '
    <strong>Type:</strong>%s<br />    
	<strong>State:</strong>%s<br />    
	<strong>Area:</strong>%s<br />    
	<strong>Description:</strong>%s<br />        
	 <strong>ID:</strong>%s<br /> 
	',
	$aRecord['type'],    
	$aRecord['state'],    
	$aRecord['area'],    
	$aRecord['desc'],        
	$aRecord['ID']
	
 );


?>
<p> This is your Record Details if you want to Delete press here<p>
</body>

PHP:

cheers
Doug

 

Have you tried echo()ing out the result of mysql_num_rows($rResult) to see what the value is?

That or try changing this:
if(1 !== mysql_num_rows($rResult))

To this:
if (intval(mysql_num_rows($rResult)) < 1)

 

Change:

if(1 !== mysql_num_rows($rResult))

PHP:

To:

if (mysql_num_rows($rResilt) == 0)

PHP:

 

TRY THIS

<?php
include("connectdb.php"); 

if($_POST && !empty($_POST['myemail']))
{
	$email=mysql_real_escape_string($_POST['myemail']);
	$rResult = mysql_query( "SELECT * FROM register WHERE email = '$email' LIMIT 1");       
	if( mysql_num_rows($rResult) > 0)
	{
		$aRecord = mysql_fetch_assoc($rResult);
		echo " <strong>Type:</strong>$aRecord['type']<br />    
			   <strong>State:</strong>$aRecord['state']<br />    
			   <strong>Area:</strong>$aRecord['area']<br />    
			   <strong>Description:</strong>$aRecord['desc']<br />        
			   <strong>ID:</strong>$aRecord['ID']<br /> ";
	}
	else
	{ 
		header('Location: wrong.php');    
	}
}
else
	echo 'Nothing Posted!';
 
?>

Code (markup):

 

ok changed to this script now getting http internal server error

<?php

include("connectdb.php"); 

if($_POST && !empty($_POST['myemail']))
{
	$email=mysql_real_escape_string($_POST['myemail']);
	$rResult = mysql_query( "SELECT * FROM register WHERE email = '$email' LIMIT 1");       
	if( mysql_num_rows($rResult) > 0)
	{
$aRecord = mysql_fetch_assoc($rResult);
		echo " <strong>Type:</strong>$aRecord['type']<br />    
			   <strong>State:</strong>$aRecord['state']<br />    
			   <strong>Area:</strong>$aRecord['area']<br />    
			   <strong>Description:</strong>$aRecord['desc']<br />        
			   <strong>ID:</strong>$aRecord['ID']<br /> ";
	}
else
	{ 
		header('Location: wrong.php');    
	}
}
else
	echo 'Nothing Posted!';


?>
<p> This is your Record Details if you want to Delete press here<p>
</body>

PHP:

can any one see what is wrong
cheers
Doug

 

the array values are messing it up, replace the echo with this:

echo " <strong>Type:</strong>" . $aRecord['type'] . "<br />
<strong>State:</strong>" .$aRecord['state']. "<br />
<strong>Area:</strong>" .$aRecord['area']. "<br />
<strong>Description:</strong>" .$aRecord['desc']. "<br />
<strong>ID:</strong>" .$aRecord['ID']. "<br /> ";

 

the array is wrong it think

 

ok so far i have got the code work after changeing it a little but do not have any thing if peeps enter wrong email addy if some one could help
cheers
Doug

<?
// Connect database 
include("connectdb.php");
$myemail=$_POST['myemail'];
// Get all records in all columns from table and put it in $result.
$result=mysql_query("select * from register where email='$myemail'");

/*Split records in $result by table rows and put them in $row. 
Make it looping by while statement. */
while($row=mysql_fetch_assoc($result)){

// Output 
Echo "<b>ID :</b>" . $row['ID'] . "<br/>";
Echo "<b> State :</b>" . $row['state'] . "<br/>";
Echo "<b> Type :</b>" . $row['type'] . "<br/>";
Echo "<b> Area :</b>" . $row['area'] . "<br/>";
Echo "<b> City :</b>" . $row['city'] . "<br/>";
Echo "<b> Desc :</b>" . $row['desc'] . "<br/>";
Echo "<b> Name :</b>" . $row['name'] . "<br/>";
Echo "<b>Email :</b>". $row['email'] . "<br/>";

// Add a link with a parameter(id) and it's value. This for update record at update.php 
Echo '<a href="update.php?id='.$row['ID'].'">Update</a>';
Echo "<br/>";
// Add a link with a parameter(id) and it's value. This for delete record at delete.php 
Echo '<a href="delete.php?id='.$row['ID'].'">Delete</a>';
Echo "<hr>";
}

mysql_close();
?> 

PHP:

 

First of all, you're passing user-input directly to a database query. That is extremely dangerous and opens you up to a wide array of SQL-injection based attacks. If nothing else, change this:

$myemail=$_POST['myemail'];

To this:

$myemail = addslashes($_POST['myemail']);

And judging by the issue you're having now, you'll probably want to do a:

SELECT count(email) FROM `register` WHERE email='$myemail'

Then check the result to verify it's greater than 0. If it is, proceed as normal. Otherwise, throw an error message about no such email existing in the database.

 

Please, please, post the error message.

 

if you want to use it on multiple pages then you will need to add some SESSIONS. that's the easyest way i think.

 

You can add a generic javascript to check email format but you cant guarantee that user will enter a useable email addr.