PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
<?php ob_start();
session_start();
$username = $_POST['username'];
$_SESSION['username'] = $username;
?>
<?php require_once('Connections/marketbr.php'); ?>
<?php
//encrypte the password when user logs in to match the one in the database
$md5 = md5(md5($password));
mysql_select_db($database_marketbr, $marketbr);
$query_Login = "SELECT * FROM signup WHERE username = '$username' AND password = '$md5'";
$Login = mysql_query($query_Login, $marketbr) or die(mysql_error());
$row_Login = mysql_fetch_assoc($Login);
$totalRows_Login = mysql_num_rows($Login);
?>
jumping in and out of php like that without needing to can create problems, or maintanence issues. You should probably run an escape routine over the username. If the query returns more than 1 row, then you have a hacking attempt or you have some duplicate users, either of which you shouldn't allow..
header Location, although isn't required for a lot of browsers, some older ones will require a full url in it.
but is my if ($totalRows_Login >= 1) ok for what i'm trying to do (a members area). I honestly never saw that type of code, but it looks good to me, and it's pretty simple. However, there could be a flaw that i'm overlooking.
You should probably run an escape routine over the username
i don't understand that....an escape routine?
Something to make sure the proper username was put in?