Topic: Pulling Multiple User Data from MySQL Table

[angelfish723]

I am working on a password protected website that will have multiple users. I'll be giving each user their own username and password (they won't be creating them or registering or anything). Once they sign in, they will be redirected to a page that will say, "Welcome, Mr. Smith!" I also want to have more information in the database about them, like their first name, their spouse's name, etc.) I'm trying to us MySQL and php and I think I'm really close to figuring out how to do this, but I'm getting the error:

Failed to connect to server: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

Here is the code I'm using:

<?php

//Start session

session_start();

//Include database connection details

require_once('config.php');

//Array to store validation errors

$errmsg_arr = array();

//Validation error flag

$errflag = false;

//Connect to mysql server

$link = mysql_connect(host, user, pass);

if(!$link) {

die('Failed to connect to server: ' . mysql_error());

}

//Select database

$db = mysql_select_db(database);

if(!$db) {

die("Unable to select database");

}

//Function to sanitize values received from the form. Prevents SQL injection

function clean($str) {

$str = @trim($str);

if(get_magic_quotes_gpc()) {

$str = stripslashes($str);

}

return mysql_real_escape_string($str);

}

//Sanitize the POST values

$login = clean($_POST['login']);

$password = clean($_POST['password']);

//Input Validations

if($login == '') {

$errmsg_arr[] = 'Login ID missing';

$errflag = true;

}

if($password == '') {

$errmsg_arr[] = 'Password missing';

$errflag = true;

}

//If there are input validations, redirect back to the login form

if($errflag) {

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

session_write_close();

header("location: login-form.php");

exit();

}

//Create query

$qry="SELECT * FROM table WHERE user='$login' AND pass='".md5($_POST['password'])."'";

$result=mysql_query($qry);

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result) == 1) {

//Login Successful

session_regenerate_id();

$member = mysql_fetch_assoc($result);

$_SESSION['SESS_USER'] = $user['user'];

$_SESSION['SESS_FULL_NAMES'] = $user['full_names'];

$_SESSION['SESS_GUES_ONE'] = $user['guest_one'];

session_write_close();

header("location: member-index.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}
?>

I've double-checked the host, user, and pass to make sure they are right and they are. I also have a mysql.sql text document that has all the information that I want about each user in it. I've put that in my root folder along with everything, but I'm not really sure where that falls in the mix of things... how does the file pull that information from it? Here is what is in the text doc:

--
-- Table structure for table `users`
--

CREATE TABLE `users` (
  `user` varchar(10) collate latin1_general_ci NOT NULL default '',
  `pass` varchar(10) collate latin1_general_ci NOT NULL default '',
  `full_names` varchar(40) collate latin1_general_ci default NULL,
  `guest_one` varchar(20) collate latin1_general_ci default NULL,
  `guest_two` varchar(20) collate latin1_general_ci default NULL,
  `guest_three` varchar(20) collate latin1_general_ci default NULL,
  `guest_four` varchar(20) collate latin1_general_ci default NULL,
  `guest_five` varchar(20) collate latin1_general_ci default NULL,
  `guest_six` varchar(20) collate latin1_general_ci default NULL,
  PRIMARY KEY  (`user`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`user`, `pass`, `full_names`, `guest_one`, `guest_two`) VALUES("john", "password", "Mr. and Mrs. John Smith & Family", "John Smith", "Jane Smith");

Thank you for any help in advance!

[mikosiko]

at first glance (I didn't read all the code) this line:
//Connect to mysql server

$link = mysql_connect(host, user, pass);

doesn't look good  at all... that should be something like:

//Connect to mysql server

$link = mysql_connect($host, $user, $pass);

and obviously you have to define the values for each variable in some place

[angelfish723]

Oh that is just where I have put my database host, data user, and the password. I just used those words as placeholders for this forum.

[mikosiko]

Sorry if I'm insulting your intelligence here (no my intention).. but.. after read again your post here:

I also have a mysql.sql text document that has all the information that I want about each user in it. I've put that in my root folder along with everything, but I'm not really sure where that falls in the mix of things... how does the file pull that information from it? Here is what is in the text doc:

I'm wondering if you really have MYSQL installed, up an running.. could you please clarify it you have it and how did you tested that it is in working conditions?

[angelfish723]

Oh trust me, you're not insulting me, I'm VERY new to this!!

I was learning how to even set up MySQL and was going through a tutorial, learned how to get connected to the database, and everything, and that worked when I tested it out.

The code I'm using now, that I posted earlier, I got from another source, but figured I would be able to put in the host name, user name and password to my database, just like I had done before. The part that I'm talking about that I put in my root folder, that's the mysql.sql document that came along with files from the source that I got my code from. I'm not even sure how that works, or where that falls in all of this. I've set my database up with the table, and I exported it to get the top part of the mysql.sql document, but I kind of followed what they had for the bottom part of the document, where it has the INSERT INTO part. And I'm assuming each user gets an INSERT INTO line?

[mikosiko]

well.. try to isolate the problem first... test again that MYSQL is working

try this replacing the "your_etc.etc" with the username and password for your database and see if that works.

<?php
$link = mysql_connect('localhost', 'your_username', 'your_username_password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>

[angelfish723]

Okay we're getting somewhere!! I realized I didn't have single quotes (or any quotes for that matter) around the host name, username, or password. So I fixed that and am not getting the error anymore, BUT I'm getting the Login Failed page. Which probably means it's not pulling the info correctly from the mysql.sql document... right?

[mikosiko]

good...

looks this lines:

//Function to sanitize values received from the form. Prevents SQL injection

function clean($str) {

$str = @trim($str);

if(get_magic_quotes_gpc()) {

$str = stripslashes($str);

}

return mysql_real_escape_string($str);

}

//Sanitize the POST values

$login = clean($_POST['login']);

$password = clean($_POST['password']);

Do you see the reference to a "form" and then the usage of $_POST['login'] and $_POST['password'] ??

if you don't have the form (another php/html file) which is supposed to show you a screen to allow you enter your login and password and then call the script that you posted, then I'm afraid that you need to read/study a lot more before make it works.

and forget about the "mysql.sql" document that you have.. the purpose of that was only create the table and import a row of data on it ... which according to your post you already did.

just read/try some more examples and if you have doubts post again

[angelfish723]

Yeah I've got a form document... I will read up more on why I might be getting the login failed page now.

Thank you for your help!!