#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2010
    Posts
    4
    Rep Power
    0

    probleme returning a value from function


    im trying to build a login system i create some functions one of it is to return the user_id but it dosn't work with mysql_result() here is my code
    My functions
    PHP Code:
    //security function sanitize
    ($input){   $inputmysql_real_escape_string($input);
    $input=trim($input," "); 
     return 
    $input; } 
     
    //get user_id 
    function get_user_id($username){    
    $query=mysql_query("SELECT 'user_id' FROM user_admin WHERE username = '$username'");   
      return 
    mysql_result($query0'user_id'); }  
    //check username and pass 
    function login($username $password){   
      
    $username=sanitize($username);    
     
    $password=md5($password);         
     
    $user_id=get_user_id($username);    
     
    $query=mysql_query("SELECT COUNT('user_id') FROM 
    user_admin WHERE username='
    $username' AND 
    password='
    $password' ");  
       return (
    mysql_result($query 0
    == 
    1) ? $user_id :  false ;      } 
    my login page code :

    PHP Code:
      //check post existance 
     if(empty($_POST) === false){       
        //check login fields not empty if so error 
            if(empty($_POST['username']) || empty($_POST['password'])){ $errors[]="All fields should be field in";  
           }else{            
     //security # mysql injaction 
                $username=sanitize($_POST['username']);             $password=$_POST['password']; 
                //check username existance in DB  
               $query=mysql_query("SELECT COUNT('user_id') FROM user_admin WHERE username='$username' ");             $username_existance=mysql_result($query,0);             if($username_existance != 1){$errors[]="Invalid Username please try again"; 
                }else{             
    //check username and password 
     
     $login=login($username , $password);    
             if($login=== false){ $errors[]=" Invalid Username And/Or Password try again. ";
                     }else {                     die($login);                 }             }         }     } ?>    
    <!DOCTYPE HTML> 
     <html>   
    <head>     
    <title>Administration Raffle -Login-</title>   
      <link rel="stylesheet" type="text/css" href="style/general.css"/>  </head> 
       <body>   <div id="container">        
      <div id="header">     <h1>Administration -Back Office-</h1>     <h4>The big Raffle of the year</h4>     </div>        
      <div id="body">            
      <div id="menu-h">             <ul>             <li><a href="index.php">Home</a></li><a href="prices.php">Prices</a><a href="addprice.php">Add price</a><a href="participants.php">Participants</a><a href="winners.php">Winners</a>             </ul>             <ul id="login"><li><a href="login.php">Login</a></li></ul>         </div>                 
     <div id="content">         
    <?php         if(isset($errors)) {output_errors($errors); } 
           echo 
    $username." ".$username_existance;         ?>   
           <form method="post" action="login.php" name="login">
      <p> <label for="username"> Username :  </label> <input type="text" id="username" name="username" value=" " /> </p>
     <p><label for="password"> Username :  </label> <input type="password" id="password" name="password" value="" /></p>
     <p> <input type="submit" name="login" value="Login"/> </p>
      </form>
              </div>          </div>     <div id="footer">     <p class="cr">CHANNARK All Rights reserved © 2013</p>     </div>      </div>    </body>    </html>
    this code should displays the user_id witch is an integer but what it display now is that: user_id
    Thanks
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,543
    Rep Power
    595
    Please edit your post so that it is not all on one line. It is too hard to read and appears to be one long comment. Remove the PHP tags, highlight the properly formatted code then click the PHP icon.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2010
    Posts
    4
    Rep Power
    0
    Originally Posted by gw1500se
    Please edit your post so that it is not all on one line. It is too hard to read and appears to be one long comment. Remove the PHP tags, highlight the properly formatted code then click the PHP icon.
    Done
  6. #4
  7. Old Fart
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Location
    Chicago
    Posts
    106
    Rep Power
    4
    I have not yet looked at your code in detail but I did notice a side issue.

    The PHP mysql library is deprecated and should not be used for new projects. Please consider recoding using the mysqli library. [See http://php.net/manual/en/book.mysqli.php]

    I prefer mysqli over the alternative PHP Data Objects (PDO) library because PDO does not support procedural code.

    EDIT: I have now tried to read your code but the extremely long multi statement lines make it too hard to follow.
    Last edited by richpri; March 17th, 2013 at 08:19 AM. Reason: Add request to reply.
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    the SQL syntax is wrong. Single quotes denote strings (like in PHP), so 'user_id' is the literal string 'user_id'.

    Identifiers usually aren't quoted at all -- which is exactly what you did for all other identifiers. If you do need to quote them, you either have to use backticks `` (which are a MySQL quirk) or double quotes "" (which are the standard but must be specifically enabled in MySQL).
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo