PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I'm new to PHP. I am having real problems getting passed this if statement. I'm sure the answer is staring me in the face.
I think it is a problem with the mysql_query line. The if statement below keeps showing true.
<?php
session_start();
$links = "<a herf = 'main.php'> Click here to go back to the main page.</a><br><br><a herf = 'logout.php'> Click here to logout.</a>";
if ($loginid && $password) {
if ($logged_in_user == $loginid)
echo $loginid.", you are already logged in.<br>";
echo $links;
exit;
}
$db = mysql_connect('xxxxxxxxxxx', 'xxxxxxxxxxx', 'xxxxxxxxxxxxxx');
$result = mysql_query("SELECT * FROM members WHERE loginid = '".$loginid."'
AND password = '".$password."'");
if (!$result) {
echo "Sorry, we are having technical diffuculties. We cannot enter your details."; //<--- This line keeps showing true//
exit;
}
if (mysql_num_rows($result) >0){
$logged_in_user = $loginid;
session_register("logged_in_user");
echo "<h1>Welcome '".logged_in_user."'</h1><br><br>$links";
exit;
}
else{
echo "There is no match on our records. Please try again or register as a new user";
}
?>
I assume $loginid and $password comes from $_POST and $_GET and register_globals are on.
You should code with register_globals off, because not all hosts have them enabled and in PHP 6 it will be removed.
You should filter user input (mysql_real_escape_string)