
View Full Version : I don't understand
-Edward- 01-06-2006, 10:09 AM
Why is this function not working correctly:

$_SESSION['room'] = $room;
$query = "SELECT name from rooms WHERE name='$room'";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
    if($room == "$_POST[room]"){
        @mysql_query("INSERT INTO messages SET
            user = '$uid',
            value = 'everybody',
            message = 'Logged into the $room room.',
            style = '$color',
            latest = '$utime',
            ip ='$ip',
            room='$room'");
    } else {
        echo ("No Such Room");
        exit();
    }
}

If the room is found in the database it logs in and shows the message Logged into the public room. However if the room isn't found it still logs in and doesn't use the statement .... what is wrong with my code?
Slidey 01-06-2006, 11:00 AM
if the name doesn't exist, then it shouldn't go through the while loop at all should it?
maybe:
select count(*) from rooms where name='$room';
or use your query and check mysql_num_rows > 0 to tell you if it exists
-Edward- 01-06-2006, 11:06 AM
If I remove the while loop, it still logs in and does error...
if($room == "$_POST[room]"){
should be:
if($room == $_POST['room']){
Wish this help :)
-Edward- 01-06-2006, 11:44 AM
Thanks Oras, that still doesn't invoke it so it errors if the room isn't found
malenski 01-06-2006, 11:56 AM
what's mysql_error() return?
Korvan 01-06-2006, 11:58 AM
remove the if statement entirely I would say.
I assume before that code you have $room = $_POST['room'].
You should probably change the while loop into an if, assuming that name='$room' only should produce a single result.
Slidey 01-06-2006, 12:03 PM

$_SESSION['room'] = $room;
$query = "SELECT name from rooms WHERE name='$room'";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
    if($room == "$_POST[room]") {
        @mysql_query("insert into messages VALUES
            user = '$uid',
            value = 'everybody',
            message = 'Logged into the $room room.',
            style = '$color',
            latest = '$utime',
            ip ='$ip',
            room='$room'");
    } else {
        echo ("No Such Room");
    }
    exit();
}

I've tidied up your code, and lined up your braces. You had an extra one at the end.
Currently the code will do nothing if the room doesn't exist.
Alternatively just do

$row = mysql_fetch_array($result);
if($row)

and get rid of the while
-Edward- 01-06-2006, 12:07 PM
Thanks Slidey, I tried your code ... However it logs you in if the room doesn't exist and displays a blank page if it does exist.
orbitz 01-06-2006, 01:34 PM
how do you code the part that "Logs you in"?
and yes, the above code will display nothing if it finds room in database
-Edward- 01-06-2006, 01:38 PM
This does the authentication:
if(!isset($uid)) {
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$_SESSION['color'] = $color;
$_SESSION['room'] = $room;
$sql = "SELECT * FROM users WHERE username = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
$_POST['uid'] = trim($_POST['uid']);
if(strlen($_POST['uid']) > $user_name_length){
echo("<html><body $style>");
echo("<center>Sorry, the username is longer than $user_name_length characters, please shorten it.");
echo("</body></html>");
exit;
}
echo ("<html><body $style>");
echo ("<center>Incorrect Username or Password combination please press back to try again.");
echo ("<br>");
echo ("If you are not yet registered <a href=signup.php target=new>Click Here</a> to register.");
echo ("</body></html>");
exit;
$username = mysql_result($result,0,'username');
That's in a file called authentication ......
The piece of code I supplied goes in the main file chat.php
malenski 01-06-2006, 01:51 PM
I'd suggest using mysql_real_escape_string in your query.
also
I don't really understand the 1st 2 lines of your code - typo?
-Edward- 01-06-2006, 02:04 PM
I want to get the functions working correctly before I work on securing them.
That's part of another piece of code. Wasn't meant to copy that over.
malenski 01-06-2006, 02:14 PM
I noticed you were testing mysql_error in the beginning but did you see what it was returning?
Add the following after the query:
if(mysql_error()){
echo "QUERY: $sql<br />\n";
echo "ERROR: ".mysql_error()."<br >\n";
exit;
}
-Edward- 01-06-2006, 02:21 PM
The query is actually executing on each login. The problem is when you login to a room that doesn't exist it allows you through and inserts the information into the database that the user has logged into the room even though it doesn't exist.
The if statement doesn't seem to be stopping people from logging in if the room doesn't exist.
What I want it to do is check if the room exists, if not I want it to error ... if it exists it executes the code and inserts that they have entered that room.
But all the code seems to do is login and not stop the login if the room doesn't exist.
Korvan 01-06-2006, 04:12 PM
here you go bantam

<?php
//where is $room defined? or is the session statement below backwards.
$_SESSION['room'] = $room;
//this query checks if the room exists right?
$query = "SELECT name from rooms WHERE name='$room'";
// @ added, see below
$result = @mysql_query($query) or die(mysql_error());//btw get rid of the 'or die' in the future and handle the error gracefully.
//changed while to if
if( ( $row = mysql_fetch_array($result) ) ) {
    //remove if statement
    // if($room == "$_POST[room]") {
    //if you use the @ here you should use it above on the previous query statement too
    //(not for syntax reasons but it is best to do things one way through a php file and not switch styles mid file).
    @mysql_query("insert into messages VALUES
        user = '$uid',
        value = 'everybody',
        message = 'Logged into the $room room.',
        style = '$color',
        latest = '$utime',
        ip ='$ip',
        room='$room'");
} else {
    echo ("No Such Room");
    //remove a bracket and move the error message echo to the new if statement
    //}
    //you want exit on no room existing right?
    exit();
}
?>
orbitz 01-06-2006, 08:06 PM
$_SESSION['room'] = $room;
and how you get $room?
-Edward- 01-07-2006, 09:50 AM
Thanks Korvan! Yours seems to have got it going ...
Only problem is now it doesn't insert the welcome message but I'm sure I can figure that one out! Thank you for your help.
-Edward- 01-07-2006, 10:01 AM
Got it working exactly how I wanted! Thank you everybody who has helped.
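
The room check and login message from this thread, written with bound parameters, which is where malenski's mysql_real_escape_string suggestion leads. This is an added example, not code posted by anyone in the thread. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection so that it runs offline; the function name enterRoom and the sample values are hypothetical.

```php
<?php
// Added example. PDO + in-memory SQLite is an assumption that replaces the
// thread's mysql_* calls; table and column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE rooms (name TEXT PRIMARY KEY)");
$db->exec("CREATE TABLE messages (user TEXT, value TEXT, message TEXT,
           style TEXT, latest INTEGER, ip TEXT, room TEXT)");
$db->exec("INSERT INTO rooms (name) VALUES ('public')"); // constructed sample row

// Hypothetical helper: records the login message and returns true only if
// $room exists; returns false (and writes nothing) otherwise.
function enterRoom(PDO $db, string $uid, string $room, string $color, string $ip): bool
{
    // The room name is bound as data, so quotes in it cannot change the query.
    $check = $db->prepare("SELECT 1 FROM rooms WHERE name = :room");
    $check->execute([':room' => $room]);
    if ($check->fetchColumn() === false) {
        return false; // no such room: the caller stops the login here
    }
    $insert = $db->prepare(
        "INSERT INTO messages (user, value, message, style, latest, ip, room)
         VALUES (:user, 'everybody', :message, :style, :latest, :ip, :room)"
    );
    $insert->execute([
        ':user'    => $uid,
        ':message' => "Logged into the $room room.",
        ':style'   => $color,
        ':latest'  => time(),
        ':ip'      => $ip,
        ':room'    => $room,
    ]);
    return true;
}

// Constructed inputs: an existing room, a missing room, a name containing quotes.
foreach (['public', 'nosuchroom', "x' OR '1'='1"] as $room) {
    $ok = enterRoom($db, 'edward', $room, 'blue', '192.0.2.10');
    echo str_pad($room, 16), $ok ? "entered\n" : "No Such Room\n";
}
$count = $db->query("SELECT COUNT(*) FROM messages")->fetchColumn();
echo "messages stored: $count\n";
```

The existence check decides the outcome before anything is written, and the quoted room name is compared as a literal string rather than parsed as SQL.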