mysql - simple login php not working -
created simple login form doesnt seem work.it opens admin page.
$username=$_post["username"]; $password=$_post["password"]; if(mysql_query("select * users username='$username' , password='$password'",$con)){ session_start(); $_session["username"]=$username; $_session["password"]=$password; header('location:admin.html'); } else{ echo "login failed.<a href=index.html>re login</a"; } need help.and here html part.
<form method="post" id="loginform" action="validate.php"> <table> <tr> <td> <label>username :</label> </td> <td> <input type="text" name="username"/> </td> </tr> <br> <tr> <td> <label>password :</label> </td> <td> <input type="password" name="password"/> </td> </tr> <br> <tr> <td> <input type="submit" id="login" value="log in" class="btn btn-primary"/> </td> <td> <input type="reset" id="reset" value="reset" class="btn btn-primary"/> </td> </tr> </table> need working code in 2hrs else im dommed
for select, show, describe, explain , other statements returning resultset, mysql_query() returns resource on success, or false on error.
use mysql_num_rows()
retrieves number of rows result set.
$result = mysql_query(mysql_query("select * users username='$username' , password='$password'",$con)); $row = mysql_num_rows($result); if ($row > 0) { header('location:admin.html'); } else { echo "login failed.<a href=index.html>re login</a"; } note
mysql deprecated instead use mysqli or pdo
don't store plain password database use hashing technic
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/faq.passwords.php
to prevent sql injection check how can prevent sql injection in php??
Comments
Post a Comment