I m getting error in this code :
<?php
//Database Information
$dbhost = "localhost";
$dbname = "youwtzc_reg";
$dbuser = "youwtzc_janzy";
$dbpass = "wahegurublessme1027";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);
$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
include “login.html”;
} else {
$_SESSION[‘username’] = “$username”;
include “memberspage.php”;
}
?>
the error says :
Parse error: syntax error, unexpected T_STRING in /home/youwtzc/public_html/login.php on line 19
please help me through..
thanks
Need help in php login page !!!!
Moderator: General Moderators
-
ben.artiss
- Forum Contributor
- Posts: 116
- Joined: Fri Jan 23, 2009 3:04 pm
Re: Need help in php login page !!!!
If that is exactly as it was there's a problem with your query. It looks like there's dodgy single quotes (which happens usually by copying/pasting from websites), so just replace all the single and double quotes in this line manually and it should be fine:
Good luck.$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;
-
SimonMayer
- Forum Commoner
- Posts: 32
- Joined: Wed Sep 09, 2009 6:40 pm
Re: Need help in php login page !!!!
You appear to have given your database username and password away on this forum.
I strongly recommend you change your database password (and username if possible) immediately.
Although we do not know the name/ip of the host, someone may be able to work it out by searching for things you've posted on the web, so publishing those details could compromise the security of your database.
I strongly recommend you change your database password (and username if possible) immediately.
Although we do not know the name/ip of the host, someone may be able to work it out by searching for things you've posted on the web, so publishing those details could compromise the security of your database.
Re: Need help in php login page !!!!
In addition to what ben has said, you should also be using (at minimum) mysql_real_escape_string() on your $username and $password variables to prevent SQL injection.ben.artiss wrote:If that is exactly as it was there's a problem with your query. It looks like there's dodgy single quotes (which happens usually by copying/pasting from websites), so just replace all the single and double quotes in this line manually and it should be fine:
Good luck.$query = “SELECT * FROM users WHERE username=’$username’ and password=’$password’”;
And finally, the query as you have above is not case sensitive... if you wanted it to be case sensitive (password) then you could use:
Code: Select all
$query = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password LIKE BINARY '".mysql_real_escape_string($password)."'";