PHP code help :( im useless

Diakatarnis · 25 Jul 2008 at 12:17

ok so the web server went down, and after some arguements with the host we managed to retrieve the site. But now the admin logon does not work, ive identified a couple of problems where the username & pass for the sql server were wrong and have corrected those, but im now stuck

The problem appears to be with the user verification code (i didnt write it and im not that good at php)

i was wondering if anyone could have a glance and see if they can spot the problem?

<?
session_start();
require("config.php");
require("connection.php");
session_register('a_name');

header("Location:index1.php");

$query = "SELECT * FROM ad_admin WHERE admin_name = ".$HTTP_POST_VARS['name']." AND admin_pass = ".$HTTP_POST_VARS['pass']."";
$result=mysql_query($query);
$num=mysql_num_rows($result);
$nu=$num;
if ($nu==0)
{
header("Location:index.php?msg=error$result");
}
else
{
$row = mysql_fetch_array($result, MYSQL_NUM);
session_register('a_name');
$a_name=$row[1];
header("Location:index1.php");
}

?>

at the moment im gettint the error result in the address abar, so im guessing it cant find the items requested in the sql query? any ideas?

Dj_Jestar · 25 Jul 2008 at 13:13

change $HTTP_POST_VARS for $_POST, it may be the server does not have long arrays enabled.

also add a few echo's to see what the $query is etc. There's a lot that could be tidied up with that code, but we'll start with the problem first..

Diakatarnis · 25 Jul 2008 at 13:38

Dj_Jestar said:
change $HTTP_POST_VARS for $_POST, it may be the server does not have long arrays enabled.

also add a few echo's to see what the $query is etc. There's a lot that could be tidied up with that code, but we'll start with the problem first..

Excellent, ill give that a go in a sec, i have to go and swap out a router :mad:

someone has been fiddling on site and broken it :\

Diakatarnis · 25 Jul 2008 at 15:00

Dj_Jestar said:
change $HTTP_POST_VARS for $_POST, it may be the server does not have long arrays enabled.

also add a few echo's to see what the $query is etc. There's a lot that could be tidied up with that code, but we'll start with the problem first..

ok tried that, im being chucked back to the error address.

LPL · 25 Jul 2008 at 15:37

echo the query out to check it is passing the variables correctly

Put a few echos in certain places 1 at a time and you find the error

Diakatarnis · 25 Jul 2008 at 17:20

ok error was in the sql query nad has been resolved

many thanks for your help

LPL · 25 Jul 2008 at 17:34

Thought it might have been, was something not getting passed?

Also, if its for a login are you using any kind of protection against SQL injection or just getting the data straight from the post and not stripping it of any unwanted chars?