Hi all! I'm a php newbie and I'm having a problem that I think more experienced people can help me out with. I'm making a website in flash 8 and I'm trying to create a SignIn where the user will be filling in their username and password and flash will be sending them to a php script. The php script will be searching my database and it will be returning two variables to flash: A variable named signed, which will be indicating that the user was found in the database and a variable named admin, which will be indicating that the user (that has been found) is an admin. Here's the code: <?php //Gets values from flash $Username= $_POST['Username']; $Passwrd= $_POST['Passwrd']; // Connects to Database mysql_connect('localhost', 'root') or die(mysql_error()); mysql_select_db(movies); //Query $data = mysql_query("SELECT isAdmin FROM users WHERE username='$Username' AND password='$Passwrd'"); mysql_result($data, 0); //Or should I use: $info = mysql_fetch_array( $data); ? //Returning values if($info){ echo '&signed=true&'; if($info['isAdmin']=='Y') echo '&admin=true&'; else{echo '&admin=false&';} } else {echo '&signed=false&';} ?> PHP: I've succesfully passed the variables Username and Password from flash to php and I've connected to the database (In some tests I made I could also add records and update my database). My problem is that regardless of what I put in as Username and Password, it seems that I always get a signed=true result in my flash.... (or undefined) However, I've worked a lot with flash, and I can't find a mistake there. Can anybody please tell me if there is something wrong or weird with my php code?? I'm desperate and any help would be greatly appreciated!
First clean all user input. So replace your $Username and $Password lines with this: $Username = mysql_real_escape_string($_POST['Username']); $Passwrd = mysql_real_escape_string($_POST['Passwrd']); PHP: You forgot to put $info before mysql_result, but still use $info = mysql_fetch_array($data); PHP: Other than that, you made one error. At the end of all your statments, you put and "&". You do not need that because it looks like this: &signed=true&&admin=false I think that might be the part that's messing with your flash....but I'm no flash expert. So here's "my" version of your code <?php //Gets values from flash && cleans them $Username = mysql_real_escape_string($_POST['Username']); $Passwrd = mysql_real_escape_string($_POST['Passwrd']); // Connects to Database mysql_connect('localhost', 'root') or die(mysql_error()); mysql_select_db('movies') or die(mysql_error()); //Query $data = mysql_query("SELECT isAdmin FROM users WHERE username='$Username' AND password='$Passwrd'"); $info = mysql_fetch_array($data); if($info){ echo '&signed=true'; if($info['isAdmin']=='Y') { echo '&admin=true'; } else { echo '&admin=false'; } } else { echo '&signed=false'; } ?> PHP:
Hi JDT, thank you so much for your reply. I tried your code but still nothing. Then, I made it easier: if($info){ echo '&signed=true&'; } else {echo '&signed=false&';} And it always returns signed=false (even if there is a record with the specific username AND password in my database) Also, I tried it like that: if(!$info){ echo '&signed=false&'; } else {echo '&signed=true&';} and it always returned signed=true even if I typed usernames and passwords that don't even exist in database. Could that mean that the mysql_query is ignored or doesn't return the correct result for some reason? I'm sure that php and mySQL communicate though because at my previous tests I could add/remove/change records to the database using php (and flash user-inputs). I also made another test in flash and wrote a simple php (like: if user_input='Maria' echo '&output=Hi Maria&' else echo '&output=I don't know you&') and it works just great. Which means that php does return results to flash. Any ideas please?
Errrr.....the field isAdmin has a value of "Y" or "N"(..or something like that)? Also maybe you can try this: //the code before if (mysql_num_rows($info) > 0){ echo '&signed=true'; if($info['isAdmin']=='Y') { echo '&admin=true'; } else { echo '&admin=false'; } } else { echo '&signed=false'; } PHP: That way it will check if it's valid by making sure there is a row returned from the query. EDIT: Stupid me, since you were checking the variable $info, it's saying it's an array. I should of checked $info['isAdmin'] before, but the code I posted above should still work, If it doesn't try replacing $info with $info['isAdmin'] in the if statement.
Thank you so much, I didn't know about the mysql_num_rows() and it's proved to be very helpful I was convinced that my mistake was in the query so I didnt't pay attention to other details but with this function, I was able to test the script further and at last, I realized where my mistake was. I wasn't exaclty sure of how the echo/print works. My mistake was what you pointed out in your previous post, with only a few adjustments so that flash could read it (it seems that the & symbol is only needed in between the different values that are returned. Only then the flash can understand what is returned). I should have done this: if(!$info){ print 'signed=false&admin=false';} else {print 'signed=true'; if($info['isAdmin']=='Y') print '&admin=true'; else print '&admin=false'; } PHP: Thank you again, you saved me from getting crazy, I'm so grateful!