Larry Ullman's Book Forums

Larry & all,

 

I'm having a strange occurrence and quite frankly it's beaten me (so far). I'm writing a login script which is failing, so I debugged and then hit the client with the query. The query executes fine but 0 results are returned. So I started to dissect the query; this query worked fine:

SELECT `user_id` FROM users WHERE `email`='myemail@email.com'

and every subsequent query worked using the WHERE clause except for when I searched using the WHERE clause for the `pass` column. Every time I try to find the password column the query failed. What am I doing wrong? I'm really bamboozled by this:

This is as simple a query as I could make and it returns 0 results, and the column is definitely pass and the value of the row (there is only 1 row in the table) is definitely correct.

SELECT * FROM `users` WHERE `pass`='bb4c572b60661fe7dff6cca2fffc8c2155cb2cf85c5ce9f367f1c8df1228029d'

 

I feel very confused and somewhat embarrassed asking this question :(


SELECT * FROM `users` WHERE `pass`='bb4c572b60661fe7dff6cca2fffc8c2155cb2cf85c5ce9f367f1c8df1228029d'

 

I feel very confused and somewhat embarrassed asking this question :(

Is it the fact that you are quoting the table from which you are trying to get information?

Edit: Hmm, scrap that, should work even when quoted.

Is there any chance you could screenshot the phpMyAdmin view of the password row, just to see if any of us can spot something that you possibly missed? Don't include any unrequired but secure information.


Your query works (of course) in my database, except if I mistakenly type an unbreakable space somewhere (on my keyboard, an unbreakable space is option-space). This happens to me now and then, and it's really the kind of typo that's difficult to spot because in phpMyAdmin, for instance, you can't see any difference between an ordinary space and an unbreakable space. Could something like that have happened with this query?


Hi Craig & Josee,

This is the password field as requested -> I've just double clicked on it to show that it is all of the hash. I'm just copying it from the row and pasting it into the query. So I don't see how I've accidentally missed a character or anything. I'm not sure if what you speak of has happened to me, Josee; I would think not as I have tried it so many times.

[Screenshot: 8x06dl.png]

Rob, thanks for your input. I have tried with and without back-ticks; either way I believe the query is still valid and it doesn't return any rows. I think you would still have to quote the password value as it's a string, not an integer, however.


Thanks Craig, the only thing I can see now, if I just return the whole row using just an id field to find it using PHP in the browser, is that the pass field, although inside the DB as

b39d2b5c22502dceda406d1f6b169fce37b687d9202d0328765e473d724dd51d
it is returned from the DB in the browser as
³+\"P-ÎÚ@mkŸÎ7¶‡Ù -(v^G=rMÕ

I exported the table to see what was happening and it's stored as

³+\\"P-ÎÚ@mkŸÎ7¶‡Ù -(v^G=rMÕ

also.


Right, I am getting somewhere maybe here. I took the password, hashed it in a test script and echoed it out, it returned:

³+\"P-ÎÚ@mkŸÎ7¶‡Ù -(v^G=rMÕÏ

Then I queried the database just using the id field and returned the password within the row, and that returned:

³+\\"P-ÎÚ@mkŸÎ7¶‡Ù -(v^G=rMÕ

Notice how the final character is missing from it. I shall re-look at my registration script to see if I can see anything.

I shall look at this, but it still doesn't explain to me how when I just use the value of the pass field in the SQL query within the client it returns 0 results :wacko:

My password column is that of the ecommerce book: `pass` varbinary(32)

To update: I feel I'm making progress. I've reworked my query within PHP and it seems to let me log in now. I was using prepared statements, which I've never used before, so I went back to basics and used standard SQL. But the reason I did this was because I built the ecommerce project 1 in Larry's book a while ago and I still had the database knocking around, so I ran the same query, i.e. trying to find a row within the client using the pass field's value. This FAILED (which is really strange to me; perhaps Larry knows why, maybe it's something to do with the field being varbinary). But the login work(s|ed) and always has within the browser for Knowledge is Power. So I suspect that the initial prepared statements SQL I was using through PHP somewhere had a fault in it, although I did first of all try to look there for a problem. Then I turned to the client as I was getting nowhere, which it would appear wouldn't verify that the pass field was correct even though it is. I know that the logins worked for Larry's first ecommerce project and have tested them today, so I went back to my PHP script, rewrote them all in standard SQL and it would appear to be working now. I am still clueless as to why this occurred really. But I thank all who have put suggestions forward. I hope that this is resolved now, but we'll see; I'll do some more tidying/testing.


May I ask as to why you're querying the password field anyway? Surely if you're doing a login script you should compare their password using the same hash code that you chose in the registration form.

Also I think the reason why the last character was taken off when you queried the database is because it added an extra backslash (4th character in); maybe there's a size limit exceeded.

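Added example, not part of any post in this thread: the `pass` column is `varbinary(32)`, so it holds 32 raw bytes (what PHP echoed in the browser), while the value pasted into the failing query is the 64-character hex rendering of those bytes. The MySQL statements below use a hypothetical `users_demo` table and the hash value quoted in the first post to show the bytes-versus-hex comparison.

```sql
-- Hypothetical demo table; only the `pass` column type is taken from the thread.
CREATE TABLE users_demo (
    user_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    email   VARCHAR(80)   NOT NULL,
    pass    VARBINARY(32) NOT NULL
);

-- UNHEX() packs the 64 hex characters into the 32 raw bytes that fit the
-- column. The hash is the value quoted in the first post.
INSERT INTO users_demo (email, pass)
VALUES (
    'myemail@email.com',
    UNHEX('bb4c572b60661fe7dff6cca2fffc8c2155cb2cf85c5ce9f367f1c8df1228029d')
);

-- Compare what is stored with how a client may render it:
-- LENGTH() counts the stored bytes, HEX() produces the printable form.
SELECT user_id,
       LENGTH(pass)     AS stored_bytes,
       LOWER(HEX(pass)) AS hex_rendering
FROM users_demo;

-- The query shape from the thread: a 64-character text literal is compared
-- byte for byte with a 32-byte binary value, so the two can never be equal.
SELECT user_id
FROM users_demo
WHERE pass = 'bb4c572b60661fe7dff6cca2fffc8c2155cb2cf85c5ce9f367f1c8df1228029d';

-- Convert the literal to bytes before comparing. The column is left
-- untouched, so an index on `pass` stays usable.
SELECT user_id
FROM users_demo
WHERE pass = UNHEX('bb4c572b60661fe7dff6cca2fffc8c2155cb2cf85c5ce9f367f1c8df1228029d');

-- Alternative: convert the column to hex text instead. This also compares
-- like with like, but applies a function to every row's `pass` value.
SELECT user_id
FROM users_demo
WHERE LOWER(HEX(pass)) = 'bb4c572b60661fe7dff6cca2fffc8c2155cb2cf85c5ce9f367f1c8df1228029d';

DROP TABLE users_demo;
```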
