<?php
$user = $_GET['usid'];
$code = $_GET['pass'];
$date = date("D M d, Y");
$time = date("G:i a");
if (Login is clicked)
{
$con = mysql_connect("localhost");
if (!$con)
{
die('CONNECTION UNAVAILABLE ' . mysql_error());
}
else
{
mysql_select_db("Attendance", $con);
$pass = mysql_query("Select PW FROM Employees
WHERE EmpID == $user");
if ( $pass == $code )
{
mysql_query("INSERT INTO Attendance (CDate, TimeIn)
VALUES ($date, $time)
WHERE (Id==$user && pass==$code);
echo "You have logged in as: " . $user . " at " . date("D M d, Y G:i a");
mysql_close($con);
}
else
{
echo "Wrong password or username, try again."
}
else
{
$con = mysql_connect("localhost");
if (!$con)
{
die('CONNECTION UNAVAILABLE ' . mysql_error());
}
else
{
mysql_select_db("Attendance", $con);
$pass = mysql_query("Select PW FROM Employees
WHERE EmpID == $user");
if ( $pass == $code )
{
mysql_query("INSERT INTO Attendance (CDate, TimeOut)
VALUES ($date $time)")
WHERE (Id==$user && pass==$code);
echo "You have logged out at " . date("D M d, Y G:i a");
mysql_close($con);
}
else
{
echo "Wrong password or username, try again."
}
}
?>
This is my code, im trying to input the login time of a user when he clicks on the login button, and to input the logout time when he logs off. it's not working please help
my code doesnt work, please help
Moderator: General Moderators
Re: my code doesnt work, please help
This is not valid PHP code, do you mean if($login == 'clicked') ?hetrox wrote: if (Login is clicked)
Classic SQL injection problem here, make sure you mysql_real_escape_string($user)hetrox wrote: $pass = mysql_query("Select PW FROM Employees
WHERE EmpID == $user");
Also you are only running a query, not getting the result from it, you need to mysql_result(mysql_query()) to get the data out.
Your main problem is that you're running a query to fetch data but not actually getting the data out of the query result