Using array to assign variables

[canajun]

Can somebody tell me where I'm going wrong?:

$sql = mysql_query("SELECT `email`,`myusername`,`mypassword` FROM `tblMembers` WHERE 1 AND `firstname` LIKE '$Firstname' AND `lastname` LIKE '$LastName'&quot or die (mysql_error());
$array=mysql_fetch_array($sql);
$pass = $array ["mypassword"];
$user = $array ["myusername"];
$email =$array ["email"];

This fails to assign the values to the variables ($pass,$user and $email)

Thanks!

 

[dpdoug]

I may be wrong, as I don't know the syntax so well for MySQL, but it seems to me the problem lies with your SQL statement.
You have single quotes around your column names and your table name - I think this is your first problem.

In your where clause you have single quotes around firstname and lastname which are columns name also - this is wrong.

Finally you have single quotes around variables $Firstname and $LastName - single quotes are only to be used with string literals.

Also, using LIKE with AND if you don't have an exact match in the table, it won't return anything.

You can use Where 1, I think in which 1 is column number 1 in which the order in which it was created, but it looks like the column firstname IS column one.

$sql = mysql_query("SELECT `email`,`myusername`,`mypassword` FROM `tblMembers` WHERE 1 AND `firstname` LIKE '$Firstname' AND `lastname` LIKE '$LastName'&quot

Try this:

SELECT email, myusername, mypassword FROM tblMembers WHERE firstname LIKE $Firstname AND lastname LIKE $LastName

Remember, PHP is case-sensitive, although MySQL may not be.

Hope this helps!

David

 

[Bastien]

one thing to note is the application purpose of the script...since you are looking for a certain name and password, using LIKE may have uninteded consequences like revealing more than one person with similar attributes...

also no mention of the running of the query itself here, usually somthing like:
$result= mysql_query($sql);

Also what does the '1' refer to?

Note: it is usually a bad idea to give a variable name $array as anyone who may be maintaining the code after you could become confused...

try this:

<?
//gonna assume that you have appropriately retreived the values for $Firstname and $Lastname from somewhere


$sql = mysql_query(&quot;SELECT email,myusername,mypassword FROM tblMembers WHERE firstname = '$Firstname' AND lastname = '$LastName'&quot or die (mysql_error());

//run the query
$result=mysql_query($sql);

//also consider some security here - what if you have users with the same names?

//check if there is more than one row returned by the query
if (mysql_num_rows($result)>1){
echo &quot;too many results...need to refine search&quot;;
die();
}



while ($row=mysql_fetch_array($result)){

$pass = $row [&quot;mypassword&quot;];
$user = $row [&quot;myusername&quot;];
$email =$row [&quot;email&quot;];
}

?>

hth

Bastien

cat, the other other white meat

 

[canajun]

Thanks for pointing out the errors David...

I did still need the single quotes around the variables in order for it to work, but other than that, your suggestion cured the problem.

Thanks again,

Bob

 

[canajun]

Thanks for the suggestions Bastien.. I will use them!

Bob