Page 1 of 1

login page issue

Posted: Tue Aug 11, 2009 12:36 am
by yasir_memon
i am facing a problem i want to login my page by giving user name and password i am using this code but this is ot working properly kindly help me in this regard if any one knows th in advance

Code: Select all

 
<Html>
<head>
<title>Insert Record</title>
</head>
<body>
 
<h1>insert Record</h1>
<form method="POST" action=log.php>
name <input type="text1" name=text1>
<br/><br/>
password <input type="text" name=text2>
<br/><br/>
<br/><input type="submit">
<br/><br/><br/>
</body>
</form>
</html>
 

Code: Select all

 
<?php
$A=$_REQUEST["text1"];
$B=$_REQUEST["text2"];
$conn=mysql_connect('localhost','root','server') or die("Error connection server");
$db=mysql_select_db("login",$conn) or die("error connecting database");
echo "connection mysql<br/>";
 
$sql="select * from log  where name='$_A' and pwd='$B'";
echo "connection mysql<br/>";
$res=mysql_query($sql)  or die(mysql_error());
echo "connection mysql<br/>";
if($res!=null)
{
    echo "good";
}
else 
{
    echo "invalid user name or password";
}
?>

Re: login page issue

Posted: Tue Aug 11, 2009 12:42 am
by Benjamin
:arrow: Moved to PHP - Code

Re: login page issue

Posted: Tue Aug 11, 2009 12:47 am
by bala_1225
HI

Code: Select all

 
<?php
 $A=$_REQUEST["text1"];
 $B=$_REQUEST["text2"];
 $conn=mysql_connect('localhost','root','server') or die("Error connection server");
 $db=mysql_select_db("login",$conn) or die("error connecting database");
 echo "connection mysql<br/>";
  
 $sql="select * from log  where name='[color=#BF0000][b]$A[/b][/color]' and pwd='$B'";[color=#BF0000][b]// plz chk your variables...[/b][/color]
 echo "connection mysql<br/>";
 $res=mysql_query($sql)  or die(mysql_error());
 echo "connection mysql<br/>";
[b]$count = mysql_num_rows( $res);[/b]
 
 if($count>0)
 {
     echo "good";
 }
 else
 {
     echo "invalid user name or password";
 }
?>

Re: login page issue

Posted: Tue Aug 11, 2009 3:05 am
by juma929
Hello,

Just on a little tiny issue that isnt completely relevant. Try to use the relevant $_POST or $_GET instead of $_REQUEST. Although this will make little difference to the operation of your code, it does provide you with a better approach going forwards in terms of security and knowing where your variables are coming from.

Even better would be to get your $_POST or $_GET variables, filter and clean them up and then enter them into an array structure similar to $clean['varname'] so you know if the variable is in there, there is a high chance you have cleaned it ready for use.

Just looking for something to type really!

Thanks :P