I have been making my own tutorial management syste but I am having some trouble with my admin page
The problem is whenever I login and click on any feature (ie edit or delete) the page has to load again and it asks for the login information again and I am unable to use the features of the admin panel with the password protection what should I do considering I dont know about cookies that well
Seems like you can't login, and you just get forwarded after the login page. Bit hard to guess what exactly is wrong but if you are using cookies make sure you use the same name and value on all pages.
| rvec wrote: |
| Seems like you can't login, and you just get forwarded after the login page. Bit hard to guess what exactly is wrong but if you are using cookies make sure you use the same name and value on all pages. |
Well I am not using cookies and I well I found this problem when recoding the login page
| Quote: |
| The username does not exist please try again Unknown column 'admin' in 'where clause' |
the code
| Code: |
<?php
session_start();
require ('config.php');
if(!isset($_POST['login']))
{$path=$_SERVER['PHP_SELF'];
echo ('
<div align="center">
<center>
<table border="1" width="302" height="238">
<tr>
<td width="302" height="238">
<form method="POST" action="'.$path.'">
Username : <input type="text" name="username" size="20"><br>
Password : <input type="password" name="password" size="20"><br>
<input type="submit" value="Submit" name="login"></td>
</tr>
</table>
</center>
</div>
');
}
else {
$username= htmlspecialchars(addslashes($_POST['username']));
$password=md5($_POST['password']);
$query="SELECT * FROM admin WHERE username =".$username;
$result=mysql_query($query) or die ("The username does not exist please try again ".mysql_error());
while($row=mysql_fetch_array($result))
{$pass=$row['password'];
if($pass == $password)
{echo "You have logged in successfully!";
$_SESSION['id'] = $username;
$_SESSION['password'] = $pass;
header ('Location: admin2.php');
}
}}
?> |
and I have already added my login information in the database with the username as admin | Code: |
| Unknown column 'admin' in 'where clause' |
Meaning the database structure is wrong.Last month I have many troubles with "WHERE" because I need lot of different combination for search engine. If you looking in this line
| Quote: |
| $query="SELECT * FROM admin WHERE username =".$username; |
MySQL read this like $query="SELECT * FROM admin WHERE username =" admin; - what is wrong. Right sintax is:
$query="SELECT * FROM admin WHERE username ='admin'";
I am solve the same problem with simple trick:
| Code: |
| $where = "WHERE username='$username'"; |
and query:
| Code: |
| $query="SELECT * FROM admin $where"; |
Sonam why not just do
| Code: |
| $query="SELECT * FROM admin WHERE username ='$username'"; |
or a bit faster
| Code: |
| $query='SELECT * FROM admin WHERE username =\''. $username .'\''; |
thanks a lot ! 
The error is fixed | rvec wrote: |
why not just do
| Code: | | $query="SELECT * FROM admin WHERE username ='$username'"; |
or a bit faster
| Code: | | $query='SELECT * FROM admin WHERE username =\''. $username .'\''; |
|
I am not good in MySql, but I got some errors when I try to pass few variables direct in sql query. Maybe I do some stupid mistake, I don't know, but I solved this with premaid part of query.
Sonamyour problem seems to be a matter of signs. Check well comas ans quotes.
| Quote: |
I am not good in MySql, but I got some errors when I try to pass few variables direct in sql query. Maybe I do some stupid mistake, I don't know, but I solved this with premaid part of query. |
$query="SELECT * FROM admin $where";
that's also a var in a query 
the problem you make here:
$query="SELECT * FROM admin WHERE username =".$username;
is that there are no '' around the variable and thus generating an error
also you use "" and you keep the variable outside the "". With '' this is needed but with "" you can put variables in.
