-3

login php with different user by classified the code using nested if method, however, it will only run the first if but not the second

$sql= mysql_query("SELECT * FROM user WHERE id= '$id' AND password= '$password'");

$sql1 = "SELECT position FROM user WHERE id ='$id' AND password = ' $password'";    

if(mysql_num_rows($sql) > 0)

{
    if($sql1 = "student" )

where the nested if begin

    {
echo ("<SCRIPT LANGUAGE='JavaScript'>
        window.alert('Login Succesfully!.')
        window.location.href='google.com.my'
        </SCRIPT>");

        }
        else if($sql1 = "lecturer" )**it will not run until this if **
    {
echo ("<SCRIPT LANGUAGE='JavaScript'>
        window.alert('Login Succesfully123!.')
        window.location.href='www.yahoo.com'
        </SCRIPT>");

        }
            exit();
}
else{
echo ("<SCRIPT LANGUAGE='JavaScript'>
        window.alert('Wrong username password combination.Please re-enter.')
        window.location.href='login.html'
        </SCRIPT>");
exit();
}
}   
?>
Daniel A. White
  • 187,200
  • 47
  • 362
  • 445
user3714966
  • 1
  • 1
  • 1
    **warning** your code is vulnerable to sql injection attacks and you should **NEVER** store users passwords in plain text. – Daniel A. White Jun 06 '14 at 12:13
  • for a start, `if($sql1 = "student" )` is assignment not comparison, you need a `==`. Also, `$sql1` doesn't equal `student`.. there are many problems here – Alfie Jun 06 '14 at 12:15
  • What @Alfie says, if you write `if(a = b)` it will give a the value of b. You should write `if(a == b)` which means it sees if those are equal. – Déjà vu Jun 06 '14 at 12:17

4 Answers4

0

In your second sql statement, change ' $password'"; to '$password'";

Andrew
  • 18,680
  • 13
  • 103
  • 118
0

You are not comparing, but assigning value to $sql1

if($sql1 = "student" )

Change to

if($sql1 == "student" )

For password safety, use password_hash function

Justinas
  • 41,402
  • 5
  • 66
  • 96
0

use 

$sql1 = mysql_query("SELECT position FROM user WHERE id ='$id' AND password = ' $password'");

instead of

$sql1 = "SELECT position FROM user WHERE id ='$id' AND password = '$password'";

You have to fetch the data from table using mysql_fetch_array or mysql_fetch_assoc

And if condition should be 

if($something == "student" )

not 

if($something = "student" )

EDIT

Try like this..and make required changes 

$sql1 = mysql_query("SELECT position FROM user WHERE id ='$id' AND password = ' $password'");
if($row = mysql_fetch_array($sql1))
{
   $result = $row['position'];
}

Then

if($result == "student")
{
  //do something...
}
Deepu Sasidharan
  • 5,193
  • 10
  • 40
  • 97
  • after i changed all, it will show only blank page instead of showing the google or yahoo site. and it still stay in the php page. – user3714966 Jun 06 '14 at 12:25
  • sql= mysql_query("SELECT * FROM user WHERE id= '$id' AND password= '$password'"); $sql1 = mysql_query("SELECT position FROM user WHERE id ='$id' AND password = ' $password'"); if($row = mysql_fetch_array($sql1)) { $result = $row['position']; } if(mysql_num_rows($sql) > 0) { if($result == "student") { echo ('hi'); echo (""); } else { echo ('hi1 '); – user3714966 Jun 06 '14 at 12:45
  • and finally close two brackets at the end – Deepu Sasidharan Jun 06 '14 at 12:51
  • same , it's still not working. i will run straight to if statement 2 – user3714966 Jun 06 '14 at 12:56
  • Try the query seperately to make sure they are working. If the queries are working fine then go to each if condition in a step wise manner. Thanks for try :) – Deepu Sasidharan Jun 06 '14 at 13:02
  • Sorry i still dont get it . – user3714966 Jun 06 '14 at 13:14
0

You never run a query to return a value to $sql1. put mysql_query around your $sql1 query and it'll return what you want. Also you're not breaking out of your query to input data, you have to do mysqli_query("SELECT * FROM user WHERE id = "' . $id . '" AND password = "' $password'");

Also you should move to mysqli_query rather than mysql_query. MySQL vs MySQLi when using PHP

Community
  • 1
  • 1
pcort
  • 419
  • 1
  • 6
  • 19