i've got a bit of a problem with a php script i'm working on:


<?
require("./global.php");
$uinfo=$DB_site->query("SELECT userid,password FROM user WHERE username = '$USER'");
if ($uinfo[password]!=$PASS) exit;
$DB_site->query("INSERT INTO nowplaying (nowplayingid,userid,song,artist,album,dateline) VALUES ('0','".$uinfo[userid]."','$SONG','$ARTIST','$ALBUM','".time()."'");
$DB_site->query("UPDATE user SET npsong = '$SONG' AND npartist = '$ARTIST'");
?>


it's not inserting anything into the "nowplaying" table and it's not updating the user table like it should. any ideas?

thanks.

First, make sure this bit of code isn't stopping the execution:

if ($uinfo[password]!=$PASS) exit;

I'd suspect that you aren't encrypting the $PASS value, so you might be comparing an encrypted password, with a non-encrypted password... So the execution is stopped.

Use: $uinfo=$DB_site->query_first

here's what i've got:


<?
require("./global.php");
$uinfo=$DB_site->query_first("SELECT userid, password FROM user WHERE username = '$USER'");
if ($uinfo[password]!=$PASS) exit;
$SONG=addslashes($SONG);
$ARTIST=addslashes($ADDSLASHES);
$ALBUM=addslashes($ALBUM);
$DB_site->query("INSERT INTO nowplaying (nowplayingid, userid, song, artist, album, dateline) VALUES ('0', '".$uinfo[userid]."', '$SONG', '$ARTIST', '$ALBUM', '".time()."')");
?>


it still won't insert, and it seems $ARTIST is not being set from the query string as it should, because i got it to insert once when i used $bbuserinfo rather than my own query and the artist field was blank. however, i need to use my own query.

Shouldn't be this:

$ARTIST=addslashes($ARTIST);

Instead of:

$ARTIST=addslashes($ADDSLASHES);

And like 'JulianD' already said, u probably compare an encrypted password with a non-encrypted password.

Where is $PASS coming from?

oops! yeah, thanks for pointing that out.

but $PASS is already md5()'ed