Basically, I’m creating a log in system. When I am dealing with the data stored in a MySQL database, I get the following error:
Illegal double ‘200970e19291’ value found during parsing
with the following code:
<?php
session_start(); // Session start
$username = $_POST['username']; // Gets the username from the login page
$password = $_POST['password']; // Gets the password.
$salt = "oijahsfdapsf80efdjnsdjp"; // Salt
// Add the salt
$salt .= $password; // The password is now: oijahsfdapsf80efdjnsdjp_PLUS_THE_USERS_PASSWORD
$password = $salt; // Change the password var to contain the salt
// Encryption
$password = md5($password); // woo
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Serrano Login</title>
</head>
<body>
<?php
// Connect to your database
mysql_connect("localhost", "root", "root") or die(mysql_error());
mysql_select_db('serrano');
$query = "SELECT * FROM accounts WHERE password = ".$password." LIMIT 1";
$username = mysql_real_escape_string($username); // just to be sure.
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$resusername = $row['username']; // username from DB
$respassword = $row['password']; // password from DB
$resemail = $row['email']; // email from db
}
// Are they a valid user?
if ($respassword == $password) {
// Yes they are.
// Lets put some data in our session vars and mark them as logged in.
$_SESSION['loggedin'] = "1";
$_SESSION['email'] = $resemail;
$_SESSION['username'] = $resusername;
echo "Congrats, Your logged in"; // YAY
}else{
// No, Lets mark them as invalid.
$_SESSION['loggedin'] = "0";
echo "Sorry, Invalid details"; // Nay
}
?>
</body>
</html>
Thoughts?
You haven’t quoted the password ‘value’ you’re inserting, so to MySQL it’s appearing as a mangled number.
or better yet: