How to print all mysql rows

Question

 require('db.php');


  $query = 'SELECT username,password FROM users';

  $result = mysql_query($query, $db);

  $text = mysql_fetch_assoc($risultato);


   if($text['username'] == $_POST['user'] && $text['password'] == $_POST['pass']) {

    echo  $text['username'];;
}
else {

    echo 'NO!';
}

I'm a young italian developer: This mysql select result is only the first line of the table, i'm writing the code for a login.php page. Should i use WHERE ?How? I also have an id field (BIG INT(20) NOT NULL AUTO INCREMENT)

Seems you're only getting the first entry in the result array. Also, $text is fetching the association of a different variable? And what is $testo? Also, there are significant security issues with your current code (mysql php functions and plain text passwords, but that's ok for learning) — sharf, Nov 16 '14 at 18:53
There are lot of security problems with your code. mysql_* is depricated. Use mysqli_* or PDF instead. This is said, you need to loop over `$text` using while ($text = mysql_fetch_array($result, MYSQL_NUM)) { // do your job } — , Nov 16 '14 at 18:55
You're using the wrong variable in `$text = mysql_fetch_assoc($risultato);` where it should be `$text = mysql_fetch_assoc($result);` - However, you may be best to use `mysql_num_rows()` for your query when it comes to match rows against usernames and passwords. — Funk Forty Niner, Nov 16 '14 at 20:02
Actually, you should check out http://daveismyname.com/login-and-registration-system-with-php-bp - It uses PDO with prepared statements and `password_hash()` which are a lot (molto) safer. — Funk Forty Niner, Nov 16 '14 at 20:10

score 1 · Answer 1 · edited May 23 '17 at 12:00

1

mysql_fetch_assoc fetches the next row from the result set as long as there is one, or false if the result set is exhausted - so you can loop over it:

while ($text = mysql_fetch_assoc($risultato)) {
    if($text['username'] == $_POST['user'] && $testo['password'] == $_POST['pass']) {
        echo  $text['username'] . '<br/>';
    }
}

Your present code is open to SQL injection while using a deprecated MySQL library.
Use mysqli prepared statements, or PDO with prepared statements.

Regarding password storage

It seems you are storing passwords in plain text. If this is the case, it is highly discouraged.

It it is recommend for you to use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5 use the password_hash() compatibility pack.

edited May 23 '17 at 12:00

Community

1
1

answered Nov 16 '14 at 19:45

Mureinik

297,002
52
306
350

-1 Don't provide code that allows people to write insecure web applications. – siride Nov 16 '14 at 20:04
@siride I've modified the answer to suit and in more ways than one ;) – Funk Forty Niner Nov 16 '14 at 20:35

How to print all mysql rows

1 Answers1