PHP/SQL Username and password check

FookinNora · May 3, 2012, 6:59pm

Back Story: I’m making a game using Construct 2 and i’m trying to make a server based login system, the game accesses a PHP page and from a return determines if login details are correct and returns some info in regards to the user.
Ok so the PHP page is accessed and sent the user name and password eg(“ANDY and PASS”), then php code gets the username and password from an SQL database. The problem is when edit the SQL request to only return results where the username = the username input into the php script it returns no values. I’ve returned all the values from the table and the echo’ed them and they are the same but still it won’t do it. I’ve managed to do the same thing for a ID number using

[php]
$sql = mysql_query("SELECT TITLE FROM Board WHERE ID_NUM =$ID_NUM AND TITLE IS NOT NULL LIMIT 0, 1 ");
[/php]

So i used the same code again for what i want to do with the Username

[php]
$sql = mysql_query(‘SELECT USER, PASSWORD FROM Users WHERE PASSWORD IS NOT NULL’);
[/php]

I know its accessing the database as without the “WHERE USER = USER” it returns the values from the database and i know the values compared are the same as when i get them they are identical . I don’t understand :/, do you have to do something with strings different to numbers in PHP or SQL any help will be great

Thanks

FookinNora · May 4, 2012, 1:27am

Sorry the second code is how i know it connects as that returns a value This:
[php]
$sql = mysql_query("SELECT USER, PASSWORD FROM Users WHERE USER =$USER_ID ANDPASSWORD IS NOT NULL LIMIT 0, 1 ");

echo $USER_ID;
echo $PASS_ID;
echo " - ";

while($row = mysql_fetch_array($sql))
{
echo $row[‘USER’];
}
[/php]

However returns:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/a8368221/public_html/DailyWord/Login.php on line 42

I’m guessing that is because its not retrieved a value for USER

FookinNora · May 4, 2012, 2:30am

Ok thanks but i solved my own problem, before I was only checking digits, now i’m using strings. As i thought there was a format problem and the need to be a string conversion so I tried some code fiddled around until i came up with this
[php]
$sql = mysql_query(“SELECT USER, PASSWORD FROM Users WHERE USER = CONVERT(_utf8 ‘$USER_ID’ USING latin1) COLLATE latin1_general_ci AND PASSWORD IS NOT NULL”);
[/php]

Now it all works seems silly you need to convert but who cares IT WORKS!!!