
Discovered this forum a few days ago and still not into it enough to contribute - will happen soon I hope :)

Right now I am experiencing something weird I hope someone can help me with.

In the following PHP code:

When I run it and enter a valid username and password, it will always send me to failed.php although it should have returned a result.

When I add a random "echo" before the if clause, it goes into the correct branch, but of course can't do the header("Location..) any more.

Does anyone have an idea what I am missing here or why this is happening? Could it be some PHP setting I am not aware of?

Thanks in advance, Seb

(NOTE: I know PHP4 is not up to date, SQL injections etc. - I just want to know and maybe understand why this is happening ;) )

<?php

    include("config.php");

    $query = 'select * from users where username = "' .
            $_POST['username'] . '" and password = "' .
            md5($_POST['password']) . '"';
    $select_user = mysql_query($query);
    //echo "something";
    if ($select_user && ($row = mysql_fetch_row($select_user)))
    {
        $user_id = $row[0];
        session_start();
        session_register('authorized');
        $_SESSION['authorized'] = true;
        $_SESSION['uid'] = $user_id;
        //echo "anothersomething";
        header("Location: portal.php");
        exit;
    }
    else
    {
        $_SESSION['authorized'] = false;
        $_SESSION['uid'] = 0;
        header("Location: failed.php");
        exit;
    }
    @MYSQL_CLOSE($db);
?>
subtuppel
  • You really should escape the data you're passing into your SQL query, to prevent SQL injections -- see http://fr2.php.net/mysql_real_escape_string and https://secure.wikimedia.org/wikipedia/en/wiki/SQL_injection – Pascal MARTIN Mar 27 '11 at 11:46
  • Oh, and, BTW : PHP 4 is dead, not maintained anymore, and is not to be used anymore ! – Pascal MARTIN Mar 27 '11 at 11:49
  • I know, if it wasn't for someone who for whatever reason can't or won't move to php5 it is as it is... - if it was up to me I'd not use php at all ;) - and this is of course not what would be final code or something, I just can't understand this behaviour. – subtuppel Mar 27 '11 at 11:58
  • what's the "weird php error"?? – Yoram de Langen Mar 27 '11 at 12:08
  • are you sure it goes to the correct branch? have you tried to echo something out in the if clause? – Rho Mar 27 '11 at 12:14
  • I thought I had described it above? the script only goes into the branch of the if-clause it is supposed to go to, when that 'echo "something";' isn't commented. if it is commented, it always ends up in the else-branch, regardless if the query returns 1 row or not. so basically the if-clause is always evaluated as false when I don't have some output before!? – subtuppel Mar 27 '11 at 12:16
  • Raymond, yes: when I uncomment the two echos in the code above, it goes where it is supposed to. – subtuppel Mar 27 '11 at 12:17
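
The SQL injection concern raised in the comments, applied to the login query from the question, as an added example that is not part of the original thread. It uses bound parameters rather than the mysql_real_escape_string() the comment links to, and swaps md5() for password_hash()/password_verify(). Assumptions: a current PHP with PDO, an in-memory SQLite table standing in for the MySQL users table, and the hypothetical helper names authenticate() and concatenated_query().

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Constructed sample account; password_hash() replaces the unsalted md5() of the original.
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['seb', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the user id on success, null on failure.
function authenticate(PDO $db, $username, $password)
{
    if (!is_string($username) || !is_string($password)) {
        return null; // reject array-valued POST fields such as username[]=x
    }
    // The value is bound, never spliced into the SQL text, so quotes in it stay data.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    return password_verify($password, $row['password']) ? (int) $row['id'] : null;
}

// The string the original concatenation produces (built for display only, never executed).
function concatenated_query($username, $password)
{
    return 'select * from users where username = "' . $username
         . '" and password = "' . md5($password) . '"';
}

// Constructed inputs, including a username that contains a double quote.
$cases = [
    ['seb', 'correct horse'],
    ['seb', 'wrong'],
    ['se"b', 'correct horse'],
];
foreach ($cases as list($u, $p)) {
    $uid = authenticate($db, $u, $p);
    $result = $uid === null ? 'rejected' : "uid=$uid";
    printf("%-5s bound: %-9s concatenated: %s\n", $u, $result, concatenated_query($u, $p));
}
```

In the third case the concatenated string shows the input's quote closing the SQL literal early, while the bound lookup simply finds no such user.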
