PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I am novice in PHP & MySQL and I'm trying to learn how to do a simple login. I'm trying to do the checking for whenever a password and a username exist or not in the database. However, there is something wrong in my code and I can't find what.
Could you please give me a hand!?
------------------------------------------------------------------------------------------------------------------------ CODE:
You havn't defined $logged_in_user, so this will probably throw an error. Here you would want to check if the user in the _SESSION scope matches the current value. Which brings us to problem 2...
When the code is executed it always gets into the 'else' part -
"select * from users where name = '" . $user . "'
and password = PASSWORD('" . $pass . "')");
which means the query does not return any results (of course I have inserted couple of users in the database).
So, there must be something wrong with my query or with the variables within the query or something like that,
I don't know what! Any suggestions!?
1. Use mysql_real_escape_string on $user and $pass (and read up "SQL injection")
2. Don't use MySQL's PASSWORD() function, use MD5 or SHA(or was it SHA1)