database login

#1
mutago

Posted 17 November 2011 - 08:34 PM

Programmer

Members
102 posts

Hi experts, am trying to login from a webpage but when i run this code,
it returns an error, any help please



#!C:/Ruby095/bin/ruby 

require 'cgi'


cgi = CGI.new

puts cgi.header


require "mysql"




begin

    con = Mysql.new 'localhost', 'root', 'root33', 'db'


    rs = con.query("SELECT * FROM account where username=%s %(username) and password = %s %(password)")

    

    rs.each do |row|

       



 if username == row[0] and password == row[1]:


puts 'login'

else

puts 'no'

end


    end

         

rescue Mysql::Error => e

    puts e.errno

    puts e.error

    

ensure

    con.close if con

end

#2
WingedPanther

Posted 18 November 2011 - 07:44 AM

A spammer's worst nightmare

Moderators
16,831 posts

Location:Upstate, South Carolina
Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

What's the error?

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

#3
mutago

Posted 18 November 2011 - 12:40 PM

Programmer

Members
102 posts

okay, in the database, i have
username = mutago and password = mutanx22.
when i used sql query by referencing the username and password in this code below,


 rs = con.query("SELECT * FROM account where username='mutago' and password ='mutax22'")

the applications runs perfectly and only the right user are authenticated
okay now i want to authenticate the users access from web page and i have to look for a parameter symbol
that will be used to repalce username and password variables so that the right user will be authenticate so i set this


 rs = con.query("SELECT * FROM account where username=%s %(username) and password = %s %(password)")

This query authenticates both the wrong and right users. I think my problems lines in using wrong parameter symbols in the SQL where CLAUSE statement


  where username=%s %(username) and password = %s %(password)")

[/code}


In php,  it works this way

[code] ("SELECT * FROM account where username=$username and password = $password")

and php parameter symbol is $

any help please

#4
WingedPanther

Posted 18 November 2011 - 08:11 PM

A spammer's worst nightmare

Moderators
16,831 posts

Location:Upstate, South Carolina
Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Try this one:

("SELECT * FROM account where username='$username' and password = '$password'")

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

#5
mutago

Posted 19 November 2011 - 12:48 PM

Programmer

Members
102 posts

I think that $ is used for php and am running ruby CGI. I think the answer is close to something like this though i have tried it but it does not work OUT



    rs = con.query("SELECT * from user_log where username = %s and password =%s") % (username,password)

because to print value from database in ruby, i used %s parameter symbols,
thanks for your response and am still counting on you

#6
WingedPanther

Posted 19 November 2011 - 02:19 PM

A spammer's worst nightmare

Moderators
16,831 posts

Location:Upstate, South Carolina
Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

As I've said before, I'm not a ruby programmer, but I would expect you to need to quote the parameters. I could certainly be wrong.

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog