I am trying to do to a user-pass validation. Updated code: $username=——; $password=——; $database=——;

Question

0

Asked: June 17, 20262026-06-17T08:11:23+00:00 2026-06-17T08:11:23+00:00

I am trying to do to a user-pass validation. Updated code: $username=——; $password=——; $database=——;

0

I am trying to do to a user-pass validation. Updated code:

$username="------";
$password="------";
$database="------";
$host = "------";


mysql_connect($host,$username,$password);
mysql_select_db($database) or die( "Unable to select database");

$username = $_POST['username'];
$password = $_POST['password'];

echo 'username: ' . $username . '<br>';  //myname
echo 'password: ' . $password . '<br>';  //mypass

function checkpass()
{
    //$result = mysql_query("SELECT * FROM REG_USERS where USERNAME='$_POST[username]' and PASSWORD='$_POST[password]' ") or die(mysql_error());  
    $result = mysql_query("SELECT * FROM REG_USERS where USERNAME='" . $username . "' and PASSWORD='" . $password . "'") or die(mysql_error());  
    return  mysql_num_rows($result);
}

checkpass();
echo 'checkpass:'. checkpass();

In the first query checkpass returns 1. In the second one it returns 0. Why?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-17T08:11:24+00:00

OK now we have the WHOLE code it’s obvious.

$username and $password aren’t global. The function doesn’t know what they are set to.

$username = $_POST['username'];
$password = $_POST['password'];

echo 'username: ' . $username . '<br>';  //myname
echo 'password: ' . $password . '<br>';  //mypass

function checkpass()
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    //$result = mysql_query("SELECT * FROM REG_USERS where USERNAME='$_POST[username]' and PASSWORD='$_POST[password]' ") or die(mysql_error());  
    $result = mysql_query("SELECT * FROM REG_USERS where USERNAME='" . $username . "' and PASSWORD='" . $password . "'") or die(mysql_error());  
    return  mysql_num_rows($result);
}

NB I know about mysqli. OP isn’t asking about it, I’m not obsessing about it but I have added mysql_real_escape_string for good measure.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am trying to do to a user-pass validation. Updated code: $username=——; $password=——; $database=——;

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply