i`ve got a sql Table named "pwt" with the columns "usr" and "pw". There is only one entry with the values "admin" and "chat".
I get 2 values transfered via a php-form. Now should I compare the given values with the two in the sql table, and if they`re both right ("admin" and "chat"), than should the script redirect to another site, otherwise it should echo "password incorrect"
I know that this isn`t a real password mechanism, but it just runs on a virtual machine, and i just want to get the mechanism working.
This is the code:
<?php
$servername = "localhost";
$username = "name";
$password = "password";
$dbname = "chat";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$us1 = $_GET["user"];
$pw1 = $_GET["pswd"];
// sql for compare record
$sql = "SELECT usr, pw FROM pwt WHERE EXISTS (SELECT usr, pw FROM pwt WHERE usr = '$us1' AND pw = '$pw1')";
if ($conn->query($sql) === TRUE) {
header('Location: http://192.168.56.101/testat/source/admin.php');
} else {
echo "Falsches Passwort " . $conn->error;
echo "Passwort ist $pw1";
echo "Name ist $us1";
}
$conn->close();
?>
Where is my mistake?
Thanks so far.
This query function
$conn->query($sql)
only returns false if your query failed (as in error). You want to check if you actually get results. Try
if ($result->num_rows > 0) {
header('Location: http://192.168.56.101/testat/source/admin.php');
} else {
echo "Falsches Passwort " . $conn->error;
echo "Passwort ist $pw1";
echo "Name ist $us1";
}
Aside from that, you should just use this query in stead since yours should return every single row from pwt when the exist clause is true even just for one row:
$sql = "SELECT usr, pw FROM pwt WHERE usr = '$us1' AND pw = '$pw1'";
I solved this issue
// sql for compare record
$sql = "SELECT usr, pw FROM pwt WHERE EXISTS (SELECT usr, pw FROM pwt WHERE usr = '$us1' AND pw = '$pw1')";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
header('Location: http://192.168.56.101/testat/source/admin.php');
This works fine :), Thank you all for your help.