<?php
include('./config.php');

//protect SQL injection
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password=hash('sha256',$password);


//SQL query that sent login info to database


$result = mysql_query ("SELECT * FROM admin WHERE Login ='$username' AND Password ='$password'",$con);
$check = mysql_num_rows ($result);


@session_start();


if ($check == 1){
    while($rows = mysql_fetch_array($result)){
    $_SESSION['adminID'] = $rows['ID'];
    $_SESSION['username'] = $username;
        header('Location: ../home.php');
}
}

else {
    header('Location: ../index.php');

}


?>

Please help me take a look what's going on to .
SESSION['username'] was working fine but SESSION['adminID'] not registered..help~

<?php
ob_start();
session_start();
include('./config.php');

//protect SQL injection
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password=hash('sha256',$password);


//SQL query that sent login info to database


$result = mysql_query ("SELECT * FROM admin WHERE Login ='$username' AND Password ='$password'",$con);
$check = mysql_num_rows ($result);

if ($check == 1){
    while($rows = mysql_fetch_array($result)){
    $_SESSION['adminID'] = $rows['ID'];
    $_SESSION['username'] = $username;
        header('Location: ../home.php');
}
}

else {
    header('Location: ../index.php');

}


?>

Username will work, however, are you sure that 'ID' actually exists in the database?

looks like a spelling/case error with your DB columns. As above, make sure that 'ID' is the actual name of the column, and not something like 'userID' or something similar.

You don't need to stripslashes if you're using real_escape_string().

Don't give idiots who try to hack your page more room to get a right answer. Treat slashes as an invalid character.

If you really want to add an extra layer of security, you should look into preg_match().

yes...the problem solved..is because my other php file not contain session_start =)

anyway..thank you..

If this thread is solved, please mark it as solve. And give respect to those who you think helped you.

Good luck :))!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.