Alright i am creating a community at iqlogin.net and am in the middle of creating a login script. the only problem is the way i have it set up i need mysql_fetch_arrays() which doesnt exist in my version of mysql (3.23) so i need something which will do the same with this code <?php if($_POST["login"]) { $_USERID = stripslashes($_POST["userid"]); if(!$_USERID) { $_ERROR = 'Incorrect user ID'; } $_PASS = stripslashes($_POST["password"]); if(!$_PASS) { $_ERROR = 'Incorrect password'; } $_SELECT = mysql_query("SELECT * FROM iql_users WHERE userid='$_USERID' AND password='$_PASS'"); if(!$_SELECT) { $_ERROR = 'Failed querying the database please notify the site administrator'; } $_RESULT = array($select); if(!$_RESULT) { $_ERROR = 'Failed recieving data please notify the site administrator'; } if($_RESULT[0] && $_RESULT[1]) { setcookie('userid', $_USERID, time()+3600); $_HASH = md5($_PASS); setcookie('password', $_HASH, time()+3600); } if(isset($_ERROR)) { ?><p class=error><?php echo $_ERROR ;></p> <form action='http://www.iqlogin.net/login.php' method='post' class="login-form"> <input type="text" size="20" maxlength="20" name="username"><br /> <input type="password" size="20" maxlength="20" name="password"><br /> <input type="submit" name="login" value="Login"> </form> <a href="http://www.iqlogin.net/register.php">Register For Free</a> <?php } } else { ?> <form action='http://www.iqlogin.net/login.php' method='post' class="login-form"> <input type="text" size="20" maxlength="20" name="username"><br /> <input type="password" size="20" maxlength="20" name="password"><br /> <input type="submit" name="login" value="Login"> </form> <a href="http://www.iqlogin.net/register.php">Register For Free</a> <?php } ?> PHP: any help would be great! thanks
You could not make SQL injection easier. You even strip possible slashes. Have a look at this page: www.php.net/mysql_real_escape_string And I'm pretty sure mysql_fetch_array() should work. What error do you get?
Probably you made a typo? The existence of MySQL functions is usually not determined by the version of MySQL you are using... Try to replace $_RESULT = array($select); PHP: by $_RESULT = mysql_fetch_array($_SELECT); PHP: ...otherwise the line would not make much sense
i fixed it by separating the two different values that would be in the array into different querys like so: $_HASH = md5($_PASS); $_CONNECT = mysql_connect("localhost","$db_user","$db_pass"); if (!$_CONNECT) { $_ERROR = 'Error: ' . mysql_error(); } mysql_select_db("$db", $_CONNECT); $_SELECT1 = mysql_query("SELECT userid FROM iql_users WHERE userid='$_USERID'"); if(!$_SELECT1) { $_ERROR = 'Error: Incorrect user id'; } $_SELECT2 = mysql_query("SELECT password FROM iql_users WHERE password='$_PASS'"); if(!$_SELECT2) { $_ERROR = 'Error: Incorrect password'; } mysql_close($_CONNECT); if($_SELECT1 && $_SELECT2 && $_SELECT3) { setcookie('userid', $_USERID, time()+3600); setcookie('password', $_HASH, time()+3600); } PHP: and effectively made my own array. now i could have actually done $_RESULT = array ($_SELECT1, $_SELECT2) PHP: but that would make very much sense just more work