mysql finding username and password not returning record

#1

Username and Password are pasted in from a form.
I know the record exitst and have double checked the username and
password.
If I remove the Password=password('".$Password."') and replace it with
the already encrypted password as Password='123838d839d' it finds the
record. So what am I doing wrong?

$Username=strip_tags(trim($_POST["Username"]));
$Username=mysql_real_escape_string($Username);
$Password=strip_tags(trim($_POST["Password"]));
$Password=mysql_real_escape_string($Password);

$qryResult = mysql_query("SELECT * FROM Listings WHERE
Username='".$Username."' and Password=password('".$Password."')");

Thanks
Mike

#2

On Sun, 01 Jan 2012 21:18:19 -0500, Michael Joel <no (AT) please (DOT) com>
wrote:

Quote:

Username and Password are pasted in from a form.
I know the record exitst and have double checked the username and
password.
If I remove the Password=password('".$Password."') and replace it with
the already encrypted password as Password='123838d839d' it finds the
record. So what am I doing wrong?

$Username=strip_tags(trim($_POST["Username"]));
$Username=mysql_real_escape_string($Username);
$Password=strip_tags(trim($_POST["Password"]));
$Password=mysql_real_escape_string($Password);

$qryResult = mysql_query("SELECT * FROM Listings WHERE
Username='".$Username."' and Password=password('".$Password."')");

Thanks
Mike

Solved....
I had set the password field lungth to short so it was truncating the
value. password() of course then did not match the truncated version.

Mike

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

mysql finding username and password not returning record

comp.databases.mysql comp.databases.mysql

mysql finding username and password not returning record - 01-01-2012 , 08:18 PM

Re: mysql finding username and password not returning record - 01-01-2012 , 09:43 PM