[PHP] any errors in this!

[Rockstar]

My first piece of PHP
Thought id see if theirs any errors In it before I uploaded.
Took a while because I keep getting errors in the PHP Pad I use

PHP Code:

<?php session_start(): ?>
<html>
<head />
<body>

<form action='index.php?login=yes' method=POST>
Username: <input type=text name='user'><br />
Password: <input type=password name='pass'><br />
<input type=submit value='Go!'>
</form>

<?php

    $user=$_POST['user'];
    $pass=$_POST['pass'];
    $login=$_GET['login'];
    
    if ($login=='yes'){
        $con=mysql_connect('192.168.0.4','test',);
        mysql_select_db("login");
        
    $get=mysql_query("SELECT count(id) FROM login WHERE user='$user' AND pass='$pass");
    $results=mysql_result($get, 0);

    mysql_close($con);

    if ($result!=1) echo "Login failure!";
    else{
        echo "Login success!";
        $_SESSION['user']=$user;
        };
    };
    
?>


</body>
</html>

[[Oli]]

Looks alright on the first sight, all I notice is:

PHP Code:

pass='$pass" 


shouldn't that be

PHP Code:

pass='$pass'" 


(forgot the last ' before the " )

EDIT= that is in this line:

PHP Code:

 $get=mysql_query("SELECT count(id) FROM login WHERE user='$user' AND pass='$pass");
    $results=mysql_result($get, 0); 


[Rockstar]

Looks alright on the first sight, all I notice is:

PHP Code:

pass='$pass" 


shouldn't that be

PHP Code:

pass='$pass'" 


(forgot the last ' before the " )

EDIT= that is in this line:

PHP Code:

 $get=mysql_query("SELECT count(id) FROM login WHERE user='$user' AND pass='$pass");
    $results=mysql_result($get, 0); 


Yeh thanks Oh well not bad for my first little thing only missed a '

[Frog!]

Just quickly edited it all for you!

PHP Code:

<?php session_start(); ?>
<html>
<head>
</head>
<body>

<form action="index.php?login=yes" method=POST>
Username: <input type=text name="user"><br />
Password: <input type=password name="pass"><br />
<input type=submit value="Go!">
</form>

<?php

    $user = $_POST["user"];
    $pass = $_POST["pass"];
    $login = $_GET["login"];
         
    if ($login == "yes")
    {
    
        $con = mysql_connect("192.168.0.4","test");
        mysql_select_db("login");
        
        $get = mysql_query("SELECT count(id) FROM login WHERE user='" . $user . "' AND pass='" . $pass . "'");
        $results = mysql_result($get, 0);
        
        mysql_close($con);
        
        if ($results != 1)
        {
        
            echo "Login failure!";
        
        }
        
        else
        {
        
            echo "Login success!";
            $_SESSION["user"]  =$user;
        
        }
    
    }
    
?>


</body>
</html>

I think that should work.

I edited:

PHP Code:

<?php session_start(): ?>

to

PHP Code:

<?php session_start(); ?>

PHP Code:

$con=mysql_connect('192.168.0.4','test',); 


to

PHP Code:

$con = mysql_connect("192.168.0.4", "test"); 


PHP Code:

$get=mysql_query("SELECT count(id) FROM login WHERE user='$user' AND pass='$pass"); 


to

PHP Code:

$get = mysql_query("SELECT count(id) FROM login WHERE user='" . $user . "' AND pass='" . $pass . "'"); 


PHP Code:

if ($result!=1) echo "Login failure!"; 


to

PHP Code:

        if ($results != 1)
        {
        
            echo "Login failure!";
        
        } 


I also changed the ''s to ""s , makes me happier.

[Pazza]

Lol at Frog!

It all looks complicated, so I say you've done it right!

[QuickScriptz]

I've taken what Frog did and added some room for errors if they are returned, in other words say something fails (like connecting to the database) then it wont just give you a weird error, it will tell you something.

I've also added a "hidden" field so that if the user just happens to navigate to "index.php?login=yes" unknowingly then it wont try and log them in. Also, you forgot some quotes in your HTML form so I added them

PHP Code:

<?php session_start(); ?>
<html>
<head>
</head>
<body>
 
<form action="index.php?login=yes" method="post">
Username: <input type="text" name="user" /><br />
Password: <input type="password" name="pass" /><br />
<input type="hidden" name="loginactually" value="yes" />
<input type="submit" value="Go!" />
</form>
 
<?php
 
    $user = $_POST["user"];
    $pass = $_POST["pass"];
    $login = $_GET["login"];
    $submitted = $_POST['loginactually'];
 
    if ($login == "yes"&&$submitted == "yes")
    {
 
        if(mysql_connect("192.168.0.4", "test"))
        {
            $con = mysql_connect("192.168.0.4", "test")
            $connected = "yes";
            if(mysql_select_db("login"))
            {
                mysql_select_db("login");
                $selected = "yes";
            }else{
                echo "Could not select database!<br/>";
                echo "Message from MySQL server: ";
                echo mysql_error();
            }
        }else{
            echo "Could not connect to MySQL server.";
            echo "Message from MySQL server: ";
            echo mysql_error();
        }
 
        if($connected == "yes"&&$selected == "yes"){
            if($get = mysql_query("SELECT count(id) FROM login WHERE user='" . $user . "' AND pass='" . $pass . "'"))
            {
                if($results = mysql_result($get, 0))
                {
                }else{
                    echo "Could not get result.<br/>";
                    echo "Message from MySQL server: "
                    echo mysql_error();
                }
            }else{
                echo "Bad query.<br/>";
                echo "Message from MySQL server: ";
                echo mysql_error();
            }
 
        mysql_close($con);
 
        if ($results != 1)
        {
 
            echo "Login failure!";
 
        }
 
        else
        {
 
            echo "Login success!";
            $_SESSION["user"]  = $user;
 
        }
 
    }
 
?>
 
 
</body>
</html>