what is wrong with this code

Posted: Thu Jun 04, 2009 10:01 am
by umang40
//login is successfully made with wrong username and password.

<?php
$con=mysql_connect("localhost","root","");
if(!$con)
{
die("could not connect".mysql_error());

}
mysql_select_db("db1",$con);
$uname=$_POST['FirstName'];
$pwd=$_POST['passwordd'];
$sql="select username,password from register where username='$uname' and password='$pwd' ";
$result=mysql_query($sql);
if(!$result)
{
echo "invalid username or password";
}
else
{
echo "go";
}

Re: what is wrong with this code

Posted: Thu Jun 04, 2009 10:08 am
by mattpointblank
if(!$result) won't give you the answer you expect - $result is 'true' in the sense that it has returned something (in this case, 0 rows), so your code evaluates to true. Try this:

if(mysql_num_rows($result) > 0)

This counts the number of results the query returned, rather than the success of the query itself.

Re: what is wrong with this code

Posted: Thu Jun 04, 2009 10:19 am
by Chalks
also, good lord. Please, please, PLEASE don't insert raw POST data into a query. Don't store plaintext passwords (hash them!).

read this: http://en.wikipedia.org/wiki/SQL_injection
and this: http://blog.moertel.com/articles/2006/1 ... a-database

now use the following to (at least partially) combat both of those issues:
mysql_real_escape_string - for basic escaping
hash("sha256", $password) - for hashing passwords

then read this for more general security information: http://forums.devshed.com/php-developme ... ge=1&pp=15 (specifically #4)
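As an added example that is not code from either poster, the login check rewritten to address all three points raised above: mattpointblank's note that a query returning zero rows still counts as a successful query, and Chalks's warnings about raw POST data in SQL and plaintext passwords. It uses PHP's mysqli prepared statements in place of string-built queries (the old mysql_* functions were removed in PHP 7) and password_hash/password_verify rather than a bare sha256 hash, since those functions salt the hash and are designed for password storage. The database credentials, the column name password_hash and the assumption that registration already stored a password_hash() value are all assumptions made for this example.

```php
<?php
// Added example (not the original poster's code): hardened login check.
// Assumptions: a local MySQL database db1 with a table `register` holding
// columns `username` and `password_hash`, where password_hash was filled at
// registration with password_hash($pwd, PASSWORD_DEFAULT). Credentials below
// are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$con = new mysqli("localhost", "DB_USER_PLACEHOLDER", "DB_PASSWORD_PLACEHOLDER", "db1");

// Look up the stored hash for one username. Returns null when no such user
// exists. The username is bound as a parameter, so it is always treated as a
// value and can never change the structure of the SQL statement.
function findPasswordHash(mysqli $con, string $uname): ?string
{
    $stmt = $con->prepare("SELECT password_hash FROM register WHERE username = ?");
    $stmt->bind_param("s", $uname);
    $stmt->execute();
    $stmt->bind_result($storedHash);

    // A query that matches nobody still executes successfully, so the
    // decision has to be based on whether a row came back, not on whether
    // execute() succeeded (this is the bug in the original if(!$result)).
    $found = $stmt->fetch() === true;
    $stmt->close();

    return $found ? $storedHash : null;
}

// Decide whether the submitted credentials are valid.
function checkLogin(mysqli $con, string $uname, string $pwd): bool
{
    $storedHash = findPasswordHash($con, $uname);
    if ($storedHash === null) {
        return false;
    }
    // The database never holds the plaintext password, only a salted hash;
    // password_verify() checks the submitted password against that hash.
    return password_verify($pwd, $storedHash);
}

// Store a new user. Shown so the hash format used by checkLogin() is clear.
function registerUser(mysqli $con, string $uname, string $pwd): void
{
    $hash = password_hash($pwd, PASSWORD_DEFAULT);
    $stmt = $con->prepare("INSERT INTO register (username, password_hash) VALUES (?, ?)");
    $stmt->bind_param("ss", $uname, $hash);
    $stmt->execute();
    $stmt->close();
}

// Read the form fields; missing fields become empty strings instead of notices.
$uname = $_POST['FirstName'] ?? '';
$pwd   = $_POST['passwordd'] ?? '';

// One message for both "unknown user" and "wrong password", so the response
// does not reveal which usernames exist.
echo checkLogin($con, $uname, $pwd) ? "go" : "invalid username or password";
```

The mysqli_report() call at the top makes connection and query failures throw exceptions instead of silently returning false, which is the other reason the original `if(!$result)` branch rarely fired: with the default settings a failed query and an empty result set look different, but an empty result set and a successful login look the same until you count rows or try to fetch one.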