MYSQL Query

**rlhanson** · 02-11-2010

I have a pretty cool php script that I got from phpsense.com and have changed the connection information to query an existing database on my server.
What I would like to do (I know JM is now groaning)

is:

When a user logs in with their email and password, check db1/table1 & db2/table2 to see if the user exists in either db. If they do, allow login, if not in either, don't allow login.
I read something about JOIN, but I don't get it. I want to eventually be able to display content based off of which (or both) db the user exists in and I need to pass the login/password to login scripts (I got that part figured out).

Config:

PHP Code:

 <?php
 define('DB_HOST', 'localhost');
    define('DB_USER', 'user');
    define('DB_PASSWORD', 'pw');
    define('DB_DATABASE', 'database');
?>

Login script:

PHP Code:

 <?php
 //Start session
 session_start();
 
 //Include database connection details
 require_once('config.php');
 
 //Array to store validation errors
 $errmsg_arr = array();
 
 //Validation error flag
 $errflag = false;
 
 //Connect to mysql server
 $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
 if(!$link) {
  die('Failed to connect to server: ' . mysql_error());
 }
 
 //Select database
 $db = mysql_select_db(DB_DATABASE);
 if(!$db) {
  die("Unable to select database");
 }
 
 //Function to sanitize values received from the form. Prevents SQL injection
 function clean($str) {
  $str = @trim($str);
  if(get_magic_quotes_gpc()) {
   $str = stripslashes($str);
  }
  return mysql_real_escape_string($str);
 }
 
 //Sanitize the POST values
 $login = clean($_POST['login']);
 $password = clean($_POST['password']);
 
 //Input Validations
 if($login == '') {
  $errmsg_arr[] = 'Login ID missing';
  $errflag = true;
 }
 if($password == '') {
  $errmsg_arr[] = 'Password missing';
  $errflag = true;
 }
 
 //If there are input validations, redirect back to the login form
 if($errflag) {
  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  session_write_close();
  header("location: login-form.php");
  exit();
 }
 
 //Create query
 $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
 $result=mysql_query($qry);
 
 //Check whether the query was successful or not
 if($result) {
  if(mysql_num_rows($result) == 1) {
   //Login Successful
   session_regenerate_id();
   $member = mysql_fetch_assoc($result);
   $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
   $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
   $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
   session_write_close();
   header("location: member-index.php");
   exit();
  }else {
   //Login failed
   header("location: login-failed.php");
   exit();
  }
 }else {
  die("Query failed");
 }
?>

Can someone point me in the right direction?

Thread: MYSQL Query

LinkBack

Thread Tools

Search Thread

Display

Threaded View

Similar Threads

[MySQL] MySQL Database setup recommendation for best results.

Windows-Based MySQL dev tools - MySQL Front and MySQL Maestro

Posting Permissions