query return :: no match

wardly · #1 (**permalink**) 01-29-05, 23:56

I'm not sure if i would post this here or in the PHP forum. But the question is really more of a MySQL question then a PHP question.

What i'm trying to do is run a query for a login script using PHP and would like to know exactly what didn't match (assuming something didn't mach). For example you submit a username and a password but the password was incorrect, however the username was found.

i know how to perform the checks in php, but when you send a query to check them you'll get a false return from mysql. Is there a way to find out exactly what was false, the username or password?

r937 · #2 (**permalink**) 01-30-05, 00:22

easy

the query selects based on matching username only

no return means there is no user by that name

then the php script compares passwords

of course, you do not tell the person signing in which one was wrong, do you

wardly · #3 (**permalink**) 01-30-05, 00:28

i don't think i follow, here's exactly how its setup,

the user enters his username and password > submits the form.

PHP takes the password and runs it through a md5 function i have (adds a bit of more security using base64,md5 and seeding it). the username is run through htmlspecialchars,stripslashes and trim.

Then they are sent off to mysql. using a simple username=$username and password=$e_password

is that what your askin?

OR

are you refering to quering the database for the username only and then use php to check the password without sending it? (although i have never thought of doing it that way before)

r937 · #4 (**permalink**) 01-30-05, 00:33

yes, the latter, but you would of course retrieve the password at the same time as you check to see if a row with that username exists

wardly · #5 (**permalink**) 01-30-05, 00:37

hmm interesting, that's a pretty good idea lol

I'll have to do that, BUT out of curiosity now is it capable of mysql returning the bad match? what is it that mysql returns if anything more then false?