Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 Transact-SQL (2000)
 password screen

Author  Topic 

ciccicci
Starting Member

3 Posts
Posted - 2004-05-25 : 03:25:51
I'm very new to SQLscript and I have difficulties in completing this task of mine....I have create a database in access,using the Php embedded in the SQL script .....so i have created the to request the user the username and password and thenthe action script to check the username and password and let the user log into the home page....it does not work and i don't understand why

this is the simple form in html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> New Document </TITLE>
<META NAME="Generator" CONTENT="EditPlus">
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">
</HEAD>

<BODY>
<CENTER><P>WELCOME TO SHOP DATABASE</P></CENTER>
<caption>Enter your username and password to access the site:</caption>
<form method="post" action="execlogin.php">
Username: <input type="text" name="txtUsername"><br>
Password: <input type="password" name="txtPassword"><br><BR>
<input type="submit">

</form>
</BODY>
</HTML>

and this is my script to check the password and user name
<HTML>
<HEAD>
<TITLE>EXECLOGIN.PHP</TITLE>
</HEAD>
<BODY>
<? php

//check form for the value

function checkString($string)
{
//check argument to ensure that it contains a0 something and b)something more than whitespace
if ($string && ( ($string != '\n') && ($string != ' ') && ($string != '\t') ) ) {
//everything OK? then return 0
return 0;
}
else {
//problem - return 1
return 1;
}
}
$errors='';

if checkString($user_name)){
$errors.='user_name<BR>';
}

if checkString($user_pass)){
$errors .='user_pass<BR>';
}
if ($errors){
echo ("please supply correct info <P>$errors");
exit;
}
$dsn="ecommerce";
$user="";
$upasswd="";
$conn= odbc_connect($dsn,$user,$upasswd);
if ($conn <=0){
echo "error in connection<BR>";
exit;
}
$query = "SELECT * FROM Users WHERE user_name='' or ''='' and user_pass = '' or ''='";
$result= odbc_exec($conn,$query);
if ($result){
echo ('you are logged in');
}
else {
echo ('some problems there');
}

odbc_close($conn);
?>

<a href="index.php">Go Home!</a>
</body>
</html>

please help i'm desperate and i really want to learn



Pethron
Starting Member

10 Posts
Posted - 2004-05-25 : 04:55:48
Hi,
I don't understand what you wana to check with this :
WHERE user_name='' or ''=''
where user_name is empty or empty is empty?

Anyway this may be the reason that it doesnt work:
[...] user_pass = '' or ''='";
There is only one ' at the end: [...] ''=''"; would be right.

Hope this would help.
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site