-1

I've got the php script but it doesn't seem to run the while on it.

It's always worked before but today it didn't work.

include('../conect_to_myspl.php');
$email  = $_GET['e'];
$password = $_GET['p'];
$remember = $_GET['r'];
$selectEmail = mysql_query("SELECT * FROM users WHERE email='$email'");
while($row = mysql_fetch_assoc($selectEmail)){

 $passowrdFromDB = $row['password'];
 $username = $row['username'];
 if($passowrdFromDB == $password){
 session_start();
 $_SESSION['username'] = $username;
 echo 1 ;
 }else{
 echo 0 ;
 }
 }
BenMorel
  • 34,448
  • 50
  • 182
  • 322
random soup dog
  • 159
  • 1
  • 1
  • 8
  • `if(!selectFoo){ echo "No result, or wrong query."; }` – Funk Forty Niner May 03 '14 at 18:14
  • 1
    is there an email "foo" in your database? – Joseph May 03 '14 at 18:15
  • yes there is a foo in my database – random soup dog May 03 '14 at 18:16
  • Add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` and use `var_dump();` try `mysql_fetch_array` instead. – Funk Forty Niner May 03 '14 at 18:17
  • 1
    Don't expect anything to come of this, you're assigning `$row` and expect it to echo `yay`? You need to do `if(!$selectFoo){echo $row['email'];}` you need to check if there is a successful query, then if so, echo it. – Funk Forty Niner May 03 '14 at 18:20
  • 1
    what @Fred-ii- said, except with `$`: `if(!$selectFoo){echo $row['email'];}` – Joseph May 03 '14 at 18:23
  • 1
    Oops, I forgot the `$` in there. Corrected. Thanks for catching that @joseph4tw +1 – Funk Forty Niner May 03 '14 at 18:25
  • Then why not show us what you're actually using? I didn't post an "answer" because of **it**. See the answer already given below. – Funk Forty Niner May 03 '14 at 18:35
  • @randomsoupdog Put `error_reporting(E_ALL);` and `ini_set('display_errors', 1);` at the beginning of the PHP file to print the error. – Lucas Henrique May 03 '14 at 18:53
  • what happens if you add `if(!$selectEmail){echo 'no data!;}` before the while loop? like @Fred-ii- recommended? – Joseph May 03 '14 at 18:55
  • and check your `$_GET` as well – Joseph May 03 '14 at 18:55
  • i only get "Deprecated : mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in " – random soup dog May 03 '14 at 18:56
  • 1
    Actually scratch my comment about *"mysql_fetch_array instead of mysql_fetch_assoc"* --- there's nothing wrong with your code. Make sure that you've selected the correct DB/table/columns and no typos and that there is in fact matching data in your DB. – Funk Forty Niner May 03 '14 at 18:57
  • *"i only get "Deprecated : mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in ""* Ah, your DB connection is `mysqli_*` right? @randomsoupdog I'll bet my last dollar on it. Change all instances of `mysql_` to `mysqli_` – Funk Forty Niner May 03 '14 at 18:58
  • yeah it is ,but when i change it (all of my mysql_) to mysqi_ it give me this error " mysql_fetch_assoc() expects parameter 1 to be resource, boolean given" – random soup dog May 03 '14 at 19:04
  • See my answer below, which I tested your code with an existing and similar DB I keep on my server. @randomsoupdog – Funk Forty Niner May 03 '14 at 19:05
  • *"yeah it is ,but when i change it (all of my mysql_) to mysqi_ it give me this error " mysql_fetch_assoc() expects parameter 1 to be resource, boolean given""* you're still using `mysql_fetch_assoc()` those two APIs do **NOT** mix. Everywhere where it says `mysql_` MUST be changed to `mysqli_` notice the `i`? @randomsoupdog use `mysqli_fetch_assoc()` – Funk Forty Niner May 03 '14 at 19:24
  • yes i have changed it but i get no output – random soup dog May 03 '14 at 19:25

2 Answers2

1

"i only get "Deprecated : mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in "

I'm willing to bet my last dollar that your DB connection is mysqli_* and not mysql_* based. Yet, if it is mysql_ then you need to change that to mysqli_ see my example test that follows.

Change all instances of mysql_ to mysqli_ and add $con before SELECT or whatever variable you are using for DB connection in your connect file.

Assuming DB connection variable is $con (tested with a similar DB I already have on my server).

include('../conect_to_myspl.php');
$email  = $_GET['e'];
$password = $_GET['p'];
$remember = $_GET['r'];
$selectEmail = mysqli_query($con, "SELECT * FROM users WHERE email='$email'");
while($row = mysqli_fetch_assoc($selectEmail)){

 $passowrdFromDB = $row['password'];
 $username = $row['username'];
 if($passowrdFromDB == $password){
 session_start();
 $_SESSION['username'] = $username;
 echo 1 ;
 }else{
 echo 0 ;
 }
 }

Add error reporting to the top of your file(s) 

error_reporting(E_ALL);  
ini_set('display_errors', 1); 
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

This is the code I tested with, using all mysqli_* functions for connection and query.

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/*
$email  = $_GET['e'];
$password = $_GET['p'];
$remember = $_GET['r'];
$selectEmail = mysql_query("SELECT * FROM users WHERE email='$email'");
while($row = mysql_fetch_assoc($selectEmail)){

 $passowrdFromDB = $row['password'];
 $username = $row['username'];
 if($passowrdFromDB == $password){
 session_start();
 $_SESSION['username'] = $username;
 echo 1 ;
 }else{
 echo 0 ;
 }
 }
*/

$DB_HOST = "xxx";
$DB_NAME = "xxx";
$DB_PASS = "xxx";
$DB_USER = "xxx";

$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($db->connect_errno > 0) {
  die('Connection failed [' . $db->connect_error . ']');
}

if($db->connect_errno > 0){
    die('Unable to connect [' . $db->connect_errno . ']');
}

$email  = "user1";
$password = "123";
// $remember = $_GET['r'];
$selectEmail = mysqli_query($db,"SELECT * FROM users WHERE email='$email'");
while($row = mysqli_fetch_assoc($selectEmail)){

 $passowrdFromDB = $row['password'];
 $username = $row['username'];
 if($passowrdFromDB == $password){
 session_start();
 $_SESSION['username'] = $username;
 echo 1 ;
 }else{
 echo 0 ;
 }
 }

"yeah it is ,but when i change it (all of my mysql_) to mysqi_ it give me this error " mysql_fetch_assoc() expects parameter 1 to be resource, boolean given""

You're still using mysql_fetch_assoc() those two APIs do NOT mix. Everywhere where it says mysql_ MUST be changed to mysqli_ notice the i? Use mysqli_fetch_assoc()

Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • well you where correct in that i used mysql_. but i used your code (and changed the details to my database ect )but i still dont get outputted any thing – random soup dog May 03 '14 at 19:14
  • It seems obvious that whatever details are entered in your form or what you're using to pass through the GETs, isn't one that exists. Try using actuals instead of the variables. I.e.: `$email="email@example.com; $password="123";` @randomsoupdog and do `var_dump($_GET['e']);` and `var_dump($_GET['p']);` see what results you get. – Funk Forty Niner May 03 '14 at 19:16
  • Plus, my working example that I tested with, had `WHERE username='$email'")` I changed it to `WHERE email='$email'")` to reflect your DB and `members` instead of `users` for the table. Reload it and try it again @randomsoupdog – Funk Forty Niner May 03 '14 at 19:20
  • Done what you've said but still no output – random soup dog May 03 '14 at 19:23
  • What did `var_dump();` results give you? @randomsoupdog – Funk Forty Niner May 03 '14 at 19:26
  • Plus, are you sure you're using `$passowrdFromDB` and not `$passwordFromDB` as your variable? You realize you have a typo, so I have to assume any possible reasons. @randomsoupdog plus did you try the hard code method as I asked earlier? column types will matter also. – Funk Forty Niner May 03 '14 at 19:27
  • Another factor that could be at play here is that your form elements are not named. Do you have them named as `name="e"` and `name="p"` and `name="r"` in your form and is your form a POST method or GET? @randomsoupdog Post your form then. – Funk Forty Niner May 03 '14 at 19:31
  • in not using a form i'm using ajax and passing the variables as parameters on the url – random soup dog May 03 '14 at 19:34
  • Seems like it's your Ajax that's failing then. Try my code without Ajax and hard code the username/password variables in, and I will guarantee you, it's going to work. @randomsoupdog I won't be able to help you with the Ajax though, I know next to nothing about that. – Funk Forty Niner May 03 '14 at 19:40
  • Food for thought: When you have a question with a problem that consists of multiple codes PHP/SQL/JS/Ajax, post all of it. This will leave the guesswork out of it for others including myself. Many times it's one or a mix of other codes that are at fault. @randomsoupdog – Funk Forty Niner May 03 '14 at 19:42
  • Post your FULL code in your question and then edit your tags and add `ajax` to what you presently have in your tagging options. @randomsoupdog – Funk Forty Niner May 03 '14 at 19:45
  • well i have been running off not off ajax for the last thew test and when i put an echo out side off the wile(){} it does echo it and on to the ajax but here is the ajax:"jQuery.ajax({url:"./includes/login.php?e="+emailSign+"&p="+SignPass+"&r="+rememberSign,success:function(result){ console.log(result);}" – random soup dog May 03 '14 at 19:54
  • @randomsoupdog As I mentioned earlier, I won't be able to help you with the Ajax part of it. Post all that in your question and re-tag. Someone may pick up on it and provide an additional or alternate answer. – Funk Forty Niner May 03 '14 at 19:56
1
$foo="foo";
$selectFoo = mysql_query("SELECT * FROM users WHERE email='".mysql_real_escape_string($foo)."'");
if($error = mysql_error()) die("Got an error: ".$error);
while($row = mysql_fetch_assoc($selectFoo)){
    echo 'yay';
}

I have sanitized the input string and used the mysql_error function to further investigate on the problem. Try this way.

However, you should switch to mysqli since the mysql extension will be removed in the future.

JohnKiller
  • 2,008
  • 18
  • 28