Display users First and last name in plain text from the database or give an error

Question

I have a html page that sends value pass to log.php :

<?php 
$PHONE = $_POST['pass'];

mysql_connect('host.com', 'user', 'pass'); mysql_select_db('userdb');  

$results = mysql_query(sprintf("SELECT FNAME,LNAME FROM `details` WHERE PASS='$PASS'",
mysql_real_escape_string($PASS))) or die(mysql_error()); while($row = mysql_fetch_assoc($results))
{ $rows[1] = $row; }
echo "Welcome ";
echo "$rows[1][FNAME]." ".$rows[1][LNAME]"
echo " you are logged in successfully"

?>

I get the result in log.php file in this form when value 'pass' is not being registered in database:

Welcome [//here user's first & last name if registered or remains blank] you are logged in successfully

I have table 'details' created

FNAME-First name
LNAME-Lastname
BIRTHDAY-Birthday
PHONE- user's no.
PASS- user's password.

My Question is , I want to just display ' You are not registered user' when pass value is not been registered in the database.Any help would be greatfull ?

for authorization you should get record from the database by username and then check the password. `mysqli_stmt_num_rows($query)` returns number of rows found — Joel Harkes, Jun 24 '13 at 06:20
try to echo your query and paste here let us see what your query is echoing, may be you are providing a wrong field or the $pass value is empty — Moeed Farooqui, Jun 24 '13 at 06:32

score 1 · Answer 1 · edited May 25 '19 at 14:22

Just check if you actually get a record or not using mysql_num_rows,

$results = mysql_query(sprintf("SELECT FNAME,LNAME FROM `details` WHERE PASS='$PASS'",
           mysql_real_escape_string($PASS))) or die(mysql_error());
if(mysql_num_rows($results) > 0){
   while($row = mysql_fetch_assoc($results))
   { 
      $rows[1] = $row; 
   }
   echo "Welcome ";
   echo $rows[1]['FNAME']." ".$rows[1]['LNAME'];
   echo "You are logged in successfully";
}
else{
    //Redirect them back with error message
    header("Location: http://www.example.com/index.php?err='You are not registered user'");
}

Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Parse error: syntax error, unexpected '"', expecting ',' or ';' in /home/a8550571/public_html/Log.php file, its seems somethings going wrong in your code. — user2513330, Jun 25 '13 at 12:51
I direct you how you can pass data to other page. You can solve a parse error by yourself , debuging the same. Btw I have update my answer `echo $rows[1]['FNAME']." ".$rows[1]['LNAME'];` you had a syntax error near this lines. — Rikesh, Jun 25 '13 at 12:53

stackErr · Answer 2 · 2013-06-25T13:36:43.540

0

if(empty($rows[1][FNAME])){
    echo 'You are not registered user';
}
else{
    echo "Welcome ";
    echo "$rows[1][FNAME]." ".$rows[1][LNAME]";
    echo " you are logged in successfully";
}

edited Jun 25 '13 at 13:36

answered Jun 24 '13 at 06:15

stackErr

4,130
3
24
48

Parse error: syntax error, unexpected '}', expecting ',' or ';' in /home/a8550571/public_html/Log.php, this error is shown from your code. – user2513330 Jun 25 '13 at 13:11
@user2513330 I forgot the semicolons, I have updated the answer – stackErr Jun 25 '13 at 13:37

score 0 · Answer 3 · edited Jun 24 '13 at 06:54

0

You took value in $phone variable for password and in select query used PASS= $PASS so how can it run?

Change this then run like below:

$results = mysql_query(sprintf("SELECT FNAME,LNAME FROM `details` WHERE PASS='$PHONE'",
mysql_real_escape_string($PHONE))) or die(mysql_error());

edited Jun 24 '13 at 06:54

Daanvn

1,254
6
27
42

answered Jun 24 '13 at 06:32

hiren vadhel

1

Display users First and last name in plain text from the database or give an error

3 Answers3