mysql php - simple lookup - super noob

phuschnickensphuschnickens Beverly Hills, Michigan Member
edited January 2010 in Internet & Media
I'm a super noob. Working on a VERY basic site. Here's the goal..

1. User types in password. No username.
2. Password determines what page to go to. (can direct to an html file at this point)

My mysql database consists of one table named pass with two fields in it.
One field is pass, one is orgnum (orgnum will indicate which page to go to 'orgnum'.html).

I have code that checks the password and forwards to a new page if successful (login_successful.php). That's where I'm lost. Don't know how to get login_successful.php to either populate with the correct html file or simply redirect to the correct html file.

Please help. Let me know if you need to see code etc.

Thanks in advance!

Comments

  • TiberiusLazarusTiberiusLazarus Icrontian
    edited January 2010
    I would probably use the header function http://php.net/manual/en/function.header.php

    Just have a check at the top to get the correct page from the db and then put that url into the header function.
  • phuschnickensphuschnickens Beverly Hills, Michigan Member
    edited January 2010
    oh okay great. thank you. i'm not quite sure how to do the lookup in order to determine the correct page to navigate to, however. Any ideas?
  • phuschnickensphuschnickens Beverly Hills, Michigan Member
    edited January 2010
    Got it:
    //perform query
$result=mysql_query("SELECT orgnum FROM pass WHERE pass='$mypassword'")
or die(mysql_error());

// store the record of the "example" table into $row
$row = mysql_fetch_array( $result );

// Print out the contents of the entry
echo $row['orgnum'];
$pg = $row['orgnum'];
header("Location: $pg");

    Thanks y'all
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited January 2010
    You don't have to echo the result if you're doing a redirect. Also, a good tip for avoiding SQL injection is to rewrite the query as follows:
    [php]
    $password = stripslashes($_POST);
    $sql = sprintf("SELECT orgnum FROM pass WHERE pass='%s'", $password);
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);
    $pg = $row;
    header("Location: $pg");
    [/php]
  • phuschnickensphuschnickens Beverly Hills, Michigan Member
    edited January 2010
    Ahh the echo was left over from debugging and thanks for the security tip. Much appreciated.
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited January 2010
    I also like to separate out my SQL statement from the $result = mysql_query part for easier readability.
Sign In or Register to comment.