Hello,

i am writing a small login script for a website.

The username and passwort are stored in a database in two separate columns.

I have it like this:

while($dbbenutzer = mysql_fetch_row($sqlbenutzername))
while($dbpasswort = mysql_fetch_row($sqlpasswort)){


echo $dbbenutzer[$i];
echo $dbpasswort[$j];
if($benutzername == $dbbenutzer and $pass == $dbpasswort){
echo '<p>Sie haben sich erfolgreich angemeldet</p>';
echo 'Willkommen';
}
}

}

Sice the values are entries in rows in two columns, i use
mysql_fetch_row to get the entries.

Then i want to compare the returned values of the sql statement with
the values provided by the user.

My problem now is only get the first value pair of username and
passwort, not the second.
For instance the first value pair is moritz 123456 which i get
returned but i dont get returned the second value pair thomas thorr.

thank you
yours sincerly
Alexander Schunk

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Hi,
Maybe try...

$benutzername = $_GET['username'];
$pass = $_GET['password'];

$result = "SELECT * FROM usertable WHERE
sqlbenutzername='$benutzername'";
while($r = mysql_fetch_row($result)) {
$dbbenutzer = $r["sqlbenutzername"];
$dbpasswort = $r["sqlpasswort"];
}
if($benutzername == $dbbenutzer && $pass == $dbpasswort){
echo '<p>Sie haben sich erfolgreich angemeldet</p>';
echo 'Willkommen';


Karl

On Apr 29, 2010, at 7:25 AM, Alexander Schunk wrote:

> Hello,
>
> i am writing a small login script for a website.
>
> The username and passwort are stored in a database in two separate
> columns.
>
> I have it like this:
>
> while($dbbenutzer = mysql_fetch_row($sqlbenutzername))
> while($dbpasswort = mysql_fetch_row($sqlpasswort)){
>
>
> echo $dbbenutzer[$i];
> echo $dbpasswort[$j];
> if($benutzername == $dbbenutzer and $pass == $dbpasswort){
> echo '<p>Sie haben sich erfolgreich angemeldet</p>';
> echo 'Willkommen';
> }
> }
>
> }
>
> Sice the values are entries in rows in two columns, i use
> mysql_fetch_row to get the entries.
>
> Then i want to compare the returned values of the sql statement with
> the values provided by the user.
>
> My problem now is only get the first value pair of username and
> passwort, not the second.
> For instance the first value pair is moritz 123456 which i get
> returned but i dont get returned the second value pair thomas thorr.
>
> thank you
> yours sincerly
> Alexander Schunk
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

On 29 April 2010 15:00, Karl DeSaulniers <karl [at] designdrumm.com> wrote:
> Hi,
> Maybe try...
>
> $benutzername =3D $_GET['username'];
> $pass =3D $_GET['password'];
>
> $result =3D "SELECT * FROM usertable WHERE sqlbenutzername=3D'$benutzerna=
me'";

Don't use values from $_GET without sanitizing first. If using mysql_*
functions, sanitize with mysql_real_escape_string() first.

> while($r =3D mysql_fetch_row($result)) {
> =C2=A0 =C2=A0 =C2=A0 =C2=A0$dbbenutzer =3D $r["sqlbenutzername"];
> =C2=A0 =C2=A0 =C2=A0 =C2=A0$dbpasswort =3D $r["sqlpasswort"];
> }
> =C2=A0 =C2=A0 =C2=A0 if($benutzername =3D=3D $dbbenutzer && $pass =3D=3D =
$dbpasswort){

This would work but only if you're storing passwords in the database
in clear text - which is a Bad Thing and should be avoided. Hash the
passwords before storing and compare with a hashed version, not the
cleartext.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Yes. You are correct. Did not include that part, sry.
Dont forget mysql_real_escape_string.
:)

Karl


On Apr 29, 2010, at 9:37 AM, Peter Lind wrote:

> On 29 April 2010 15:00, Karl DeSaulniers <karl [at] designdrumm.com> wrote:
>> Hi,
>> Maybe try...
>>
>> $benutzername = $_GET['username'];
>> $pass = $_GET['password'];
>>
>> $result = "SELECT * FROM usertable WHERE
>> sqlbenutzername='$benutzername'";
>
> Don't use values from $_GET without sanitizing first. If using mysql_*
> functions, sanitize with mysql_real_escape_string() first.
>
>> while($r = mysql_fetch_row($result)) {
>> $dbbenutzer = $r["sqlbenutzername"];
>> $dbpasswort = $r["sqlpasswort"];
>> }
>> if($benutzername == $dbbenutzer && $pass == $dbpasswort){
>
> This would work but only if you're storing passwords in the database
> in clear text - which is a Bad Thing and should be avoided. Hash the
> passwords before storing and compare with a hashed version, not the
> cleartext.
>
> Regards
> Peter
>
> --
> <hype>
> WWW: http://plphp.dk / http://plind.dk
> LinkedIn: http://www.linkedin.com/in/plind
> Flickr: http://www.flickr.com/photos/fake51
> BeWelcome: Fake51
> Couchsurfing: Fake51
> </hype>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

On 29 April 2010 16:44, Alexander Schunk <aschunk [at] gmail.com> wrote:
> Hello,
>
> i have it now as follows:
>
> while($dbbenutzer =3D mysql_fetch_assoc($sqlbenutzername))
> =C2=A0 =C2=A0 =C2=A0 =C2=A0while($dbpasswort =3D mysql_fetch_assoc($sqlpa=
sswort)){

You have things very twisted. Check the code posted by Karl - you only
need *ONE* row containing your *TWO* fields. mysql_fetch_assoc()
retrieves that *ONE* row from a MySQL result set as an array - so
having those two while statements will do you no good.

Regards
Peter


--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php