Home/ Questions/Q 4077132
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T17:30:44+00:00

I have gotten a snippet of code to bring back the username and password

  • 0

I have gotten a snippet of code to bring back the username and password and see if they match. i now want to set a session varaible to the ‘points’ value i have in the table which is in the same row as the username and pass.. what could be done?

    <?php $username="asdin";
$password="1sdA2";
$database="a75sdting";
$pword = $_REQUEST['pword'];
$uname = $_REQUEST['uname'];
mysql_connect('mysqsdst.com',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = mysql_query("SELECT * FROM `username` WHERE `password` = '$pword' AND `username` = '$uname'");
$exsists = 0;

        WHILE($rows = mysql_fetch_array($query)){
         $exsists = 1;
         break;
         }
            if ($exsists){
            $_SESSION['usern']=$uname;
            $_SESSION['logged']=1;

            header('Location: http://wwsdipts/logged2.php');


                    }



mysql_close();

 ?>

i want to set $_SESSION[‘points’] = $row[points] i guess… but i dont think that is correct

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    <?php

// start session (required on every page that uses sessions
session_start();

// db auth
$username="asdin";
$password="1sdA2";
$database="a75sdting";

// user auth
$pword = $_POST['pword']; // should use either $_POST or $_GET, NOT $_REQUEST
$uname = $_POST['uname']; // should use either $_POST or $_GET, NOT $_REQUEST

// open db connection
$conn = mysql_connect('mysqsdst.com',$username,$password);
@mysql_select_db($database,$conn) or die( "Unable to select database");

// check user
$query = mysql_query("SELECT * FROM `username` WHERE `password` = '$pword' AND `username` = '$uname'");

if(mysql_num_rows($query)){
    // user exists
    $row = mysql_fetch_assoc($query);
    $_SESSION['usern']=$uname;
    $_SESSION['logged']=1;
    header('Location: http://wwsdipts/logged2.php');
}else{
    header('Location: http://wwsdipts/login.php'); // take them back to login page if incorrect details
}

// close db connection
mysql_close($conn);

?>

    I’ve tidied up your code a bit, please take a look at the notes. It is also worth nothing the following:

    1. You should be using some sort of protection against SQL injections, such as mysql_real_escape_string($_POST['uname']) – the same for password
    2. You need session_start() on all pages that use session variables
    3. You shouldn’t use $_REQUEST, use either $_POST or $_GET (read about it)
    4. Do you actually have a table named username? You should read up a bit about DB design, a better name/use for this table would be users as the table will be holding users (a combination of unique ID, username & password.
    5. I don’t know what you mean about points, but to access any column name in the “username” table, use $row['column-name'] after it is set ($row = mysql_fetch_assoc($query);)
    6. If you intend on using PHP a lot in the future, you should look up PDO, it’s a great class for handling SQL.
    • 0