Learning PHP, need some help

Hi,

I've been learning PHP over the weekend and have covered quite a bit with a very good tutorial I've been following :) I basically need to create a members area for a site. Now I know I could do it with cookies but obviously that isn't very secure so I wanted to do it with MySQL (the tutorial covered it as well) but am a bit confused on how to do it. So far, I have created a MyISAM table with the fields of 'user' and 'pword' and have the following script:

Code:
<?php

// Set Database Connection Parameters:

$host = "localhost";
$user = "********";
$pword = "********";
$dbase = "membersarea";

// Connect to Database:

$connect = mysql_connect($host, $user, $pword) or die('Could not connect to database!');

// Select Database:

mysql_select_db($dbase) or die('Could not select database');

// Set User Input Variables:

$username = $_POST['username'];
$password = $_POST['password'];

// Define Query:

$query = "SELECT * FROM user_info";

// Execute Query:

$result = mysql_query($query) or die("Error in query: $query" .mysql_error());
$row = mysql_fetch_row($result);

// If Username and Password are correct, include the members page:

if (($row[1] == $username) && ($row[2] == $password)) {
	echo "Username and password accepted";
	echo "<br /><br />";
	include('membersarea.php');
}

// If the Username is correct but the password wrong, display the wrong username page:

elseif (($row[1] == $username) && ($row[2] != $password)) {
	echo "Username found but the password is incorrect";
}

else {
	echo "Username not found";
}


// Free Result Set Memory:
mysql_free_result($result);

// Close Connection:
mysql_close($connect);

?>

Now, the script works perfectly but I'm not sure what I have to do when I add more users. I understand that this is probably not the best way of doing things but I only started on Saturday night :o So could anyone suggest a fix or a better way of doing things?

Thanks

Ben
 
Pine said:
Do a query like this (untested):

Code:
$query = 'SELECT * FROM user_info ' .
'WHERE user = "' . mysql_real_escape_string($username) . '" ' .
'AND pword = "' . mysql_real_escape_string($password) . '" ' .
'LIMIT 1';

If you don't get 0 results returned then you know that you've found a password/username match in the table.

Also, don't use * unless you need to.

Hmmm, any chance you could explain this a bit more? I've not seen that before :o Sorry for being a n00b :o :D

Thanks

Ben
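
An added example, not part of the original thread: one way to do the `WHERE user = ...` lookup from the quoted suggestion so it works for any number of users, using a PDO prepared statement and keeping `password_hash()` output in `pword` instead of the plain password. The in-memory SQLite database (needs the pdo_sqlite extension), the `check_login` function and the sample users are assumptions made so it runs without a MySQL server.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL
// so the script runs without a server; table and column names follow the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_info (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pword TEXT)');

// Constructed sample users; pword holds a password_hash() value, never the plain text.
$add = $db->prepare('INSERT INTO user_info (user, pword) VALUES (?, ?)');
foreach (['ben' => 'correct horse', 'alice' => 'battery staple'] as $name => $plain) {
    $add->execute([$name, password_hash($plain, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // The WHERE clause picks the one matching row however many users exist;
    // the placeholder keeps the submitted name out of the SQL text.
    $stmt = $db->prepare('SELECT pword FROM user_info WHERE user = ? LIMIT 1');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // Verify against a dummy hash when the user is unknown, so both failure
    // paths do the same work and give the same answer.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $hash === false ? $dummy : $hash);
    return $hash !== false && $ok;
}

// Constructed login attempts, including one shaped like an injection string.
$attempts = [['ben', 'correct horse'], ['ben', 'wrong'], ['nobody', 'x'], ['" OR "1"="1', 'x']];
foreach ($attempts as [$u, $p]) {
    // One message for every failure: the page does not reveal which names exist.
    echo str_pad($u, 14), check_login($db, $u, $p) ? "accepted\n" : "invalid username or password\n";
}
```

With MySQL, only the PDO connection line changes; the query and the verification stay the same.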
 
Read my first post again: I AM LEARNING! :o

I accept that my coding isn't great but the tutorial I was using commented it like that so I just followed on. And as for the SQL syntax, there were only a couple of paragraphs on it and it only showed the syntaxes which I have used - nothing else - and I didn't feel it was the right time to start another tutorial.

Anything else I've done wrong that is going to cause the whole world to come to an abrupt end?
 
robmiller said:
Calm down, I was only making a suggestion.

I know and I appreciate the suggestion so thank you but it just seemed like you were picking at the smallest of things. Now, for my original problem, can't I just add more lines like:

Code:
if (($row[1] == $username) && ($row[2] == $password))

but change 1 and 2 to 3 and 4 and so on respectively? I'm trying to keep it simple :o

Thanks

Ben
 
Thank you to both of you, that makes much more sense now :) I'll read it through a few more times and then try it. Sorry for getting annoyed before- I thought I was being shouted at :o

Cheers

Ben
 
Instead of starting a new thread, I thought I'd ask here... I've just started on a little project to try and build up my skills by writing a helpdesk type program for school as we don't have one. Now, I have written the form which inputs the data to the database and that works fine. I also have the admin interface which reads all the values in the database and displays them in a table.

I have created a row to show whether the job is done or not but don't know how to change the value without doing it manually. I have created a form button to do it on click but I don't know what code I need :(

I have a table called 'help_desk' with a field 'done' which will have the value 'yes' or 'no' and would like to know how to change its value with a form button if possible please :)

Thanks :cool:

Ben
 
Right, thanks for the help guys :) I think I'm confusing myself now though :o I've got the form done which inserts the 'problem' data into the database but am struggling to modify the value of the 'done' column for a specific row in the admin interface (see below) and to make it all worse the damn table won't center in CSS :( This is what it looks like:

Click

I would really appreciate it if any of you could give me an idea on how to initiate the SQL UPDATE command (Understand SQL more now- spent last night reading up on it at w3school :D ) by a button or similar as you can see.

Thanks

Ben
 
I've managed to get the update function working now. It's not very efficient though so I'm looking for a different way of doing things. At the moment, I have put two radio buttons with the name $row[id] and the values of done or delete. I've then passed this information to another form by GET and then had to say:

Code:
// Compare with == (a single = assigns, so the branch always ran) and quote 'done'.
if ($_GET['1'] == 'done') {
mysql_query("
UPDATE help_desk
SET done = 'yes'
WHERE id = 1
");
} else {
};

And I have to do that for each one which is ridiculous :( Can anyone help me with a more efficient way? :)

Thanks

Ben
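
An added example, not part of the original thread: a single handler that replaces the one-`if`-per-id approach, taking radio buttons named `action[<row id>]`, validating each id and action, and running a prepared statement with the id bound as a parameter. The `apply_actions` function, the field naming, the in-memory SQLite database (needs pdo_sqlite) and the sample rows are assumptions; the form would submit by POST, since a change made through a GET link can be triggered just by something fetching the URL.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL;
// help_desk, id and done follow the post, everything else is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE help_desk (id INTEGER PRIMARY KEY, problem TEXT, done TEXT DEFAULT 'no')");
$db->exec("INSERT INTO help_desk (problem) VALUES ('Printer jam'), ('No network'), ('Dead monitor')");

// $fields is the submitted form data, shaped as action[<row id>] = done|delete,
// i.e. radio buttons named "action[3]" instead of "3".
function apply_actions(PDO $db, array $fields): array
{
    // Fixed SQL per allowed action; the id is always a bound parameter.
    $sql = [
        'done'   => "UPDATE help_desk SET done = 'yes' WHERE id = ?",
        'delete' => 'DELETE FROM help_desk WHERE id = ?',
    ];
    $changed = [];
    foreach ((array) ($fields['action'] ?? []) as $id => $action) {
        $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false || !is_string($action) || !isset($sql[$action])) {
            continue; // ignore anything that is not a positive id plus a known action
        }
        $stmt = $db->prepare($sql[$action]);
        $stmt->execute([$id]);
        $changed[$id] = $stmt->rowCount() === 1 ? $action : 'no such row';
    }
    return $changed;
}

// In the real page: call this only when $_SERVER['REQUEST_METHOD'] === 'POST', passing $_POST.
// Constructed submission, including a tampered id and an unknown action.
$submitted = ['action' => ['1' => 'done', '3' => 'delete', '2 OR 1=1' => 'done', '2' => 'drop']];
print_r(apply_actions($db, $submitted));
print_r($db->query('SELECT id, done FROM help_desk')->fetchAll(PDO::FETCH_KEY_PAIR));
```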
 
So what would I need to put into the Action column?

Code:
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

	<title>Ruskin Sports College .::. HelpDesk™</title>
	<link rel="stylesheet" type="text/css" href="css/layout.css" />
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

</head>

<body>




<div id="login">
	
	<p class="logintitle">
	
		Ruskin Sports College .::. HelpDesk™ Administrator Interface
		
	</p>
	
	<p class="viewdesk" align="center">
	
<?php

// Create Database Variables:

$host = "localhost";
$user = "******";
$pass = "********";
$dbase = "helpdesk";

// Connect to Database:

$connection = mysql_connect($host, $user, $pass) or die('Could not connect to Database');

// Select Database:

mysql_select_db($dbase) or die('Could not find selected database');

$query = "SELECT * FROM help_desk";

$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());


// see if any rows were returned

if (mysql_num_rows($result) > 0) {
    // yes
    // print them one after another
    echo "<center><font color=green><div id=tables><table cellpadding=10 border=1 align=center>";
    
        echo "<tr>";
        echo "<td><font color=red> ID Number</font></td>";
        echo "<td><font color=red> Submitted by User</font></td>";
        echo "<td><font color=red> Problem Location</font></td>";
        echo "<td><font color=red> Type </font></td>";
        echo "<td><font color=red> Urgent </td>";
        echo "<td><font color=red> Problem Description </font></td>";
        echo "<td><font color=purple> Done </font></td>";
        echo "<td><font color=red> Actions </font></td>";
        echo "</tr>";
        while($row = mysql_fetch_array($result)) {
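        // Array keys are quoted (a bare id or user is read as a constant) and
        // database values are HTML-escaped before being echoed into the page.
        $id = $row['id'];
        echo "<tr>";
        $urgent = $row['urgent'];
        $done = $row['done'];
        echo "<td>" . htmlspecialchars($row['id']) . "</td>";
        echo "<td>" . htmlspecialchars($row['user']) . "</td>";
        echo "<td>" . htmlspecialchars($row['location']) . "</td>";
        echo "<td>" . htmlspecialchars($row['type']) . "</td>";
        if ($urgent == "Yes") {
        echo "<td><font color=red><img src=img/urgent.jpg></img></font></td>";
        }
        elseif ($urgent == "No") {
        echo "<td><font color=blue>" . $urgent . "</font></td>";
        } else {
        }
        echo "<td>" . htmlspecialchars($row['problem']) . "</td>";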
        if ($done == "yes") {
        echo "<td><font color=red><img src=img/done.jpg></img></font></td>";
        }
        elseif ($done == "no") {
        echo "<td><font color=blue><img src=img/cross.gif></img></font></td>";
        } else {
        }  
        echo "<td><form action='u8w6y58irfhfiwe794.php' method=get><font face=tahoma color=blue>Done:<input type=radio name='$row[id]' value=done><br />Delete:<input type=radio name='$row[id]' value=delete></font></td>";
        echo "</tr>";
    }
    
    echo "</table></div>";
}
else {
    // no
    // print status message
    echo "No New Problems have been submitted to the HelpDesk!";
}

$row = mysql_fetch_array($result);
$id = $row[id];
echo $id;




function updatedone($idacc) { mysql_query("
UPDATE help_desk
SET done = 'yes'
WHERE id = '$idacc'
");
};

updatedone(3);


echo $row;
echo "</p><p>";
echo "<input type=submit value=Update onClick=\"alert('Are you sure?')\" />";


// free result set memory
mysql_free_result($result);

// close connection
mysql_close($connection);

?>

</p>

<p>

<form>
<input type="button" value="Return to Main Menu" onClick="window.location='d4ttg4689hjyhjjsjyhweqwlkml.php'"></input>

</form>

</p>
<br /><br />

</body>
</html>

That's the code for the table that displays all the items submitted to the help desk - I know it's messy, it's still got bits of code in that don't do anything now so I apologise for that :o Really don't know how to do the 'Done' and 'Delete' bits though. Sorry for being a n00b :(

Thanks for the help

Ben
 
robmiller said:
Do you see my point about comments? They're showing you, the reader of the tutorial, what each segment of code is doing. Once you've learned the language (which you will, quickly) such comments become tiresome and unnecessary, so it's better to leave them out :)


Ahh right, I thought it was supposed to be done like that :o I'll take them out in future :) Took it into school today and tried to install XAMPP and the MySQL service won't bloody start! I managed to get MySQL 5 directly installed but if I try and access http://localhost it just comes up 'The page cannot be displayed blah blah... Connection Refused!' Any ideas why it would do this? It's not on the proxy server, it's on an internal machine.

Thanks

Ben
 