/* Login Functions */
function login($usr, $pass) {
$sql = "SELECT * FROM users WHERE usrNAME = '$usr' AND usrPASS = '$pass'";
$query = mysql_query($sql);
$row = mysql_fetch_assoc($query);
if (mysql_num_rows($query) == 1) {
// in here is what it should do if successful
} else {
// in here is what it should do if faild
}
}
// header
<?php
if (($_POST['submit'])){
login($_POST['username'], $_POST['password']);
}
?>
// somewhere in the body section
<?php
if($_SESSION['loged'] == "false") {
echo '
<div class="loginfailed" align="center">Login Failed!</div>
';
}
?>
<form action="#" method="POST">
Username:<br />
<input name="username" type="text" tabindex="1" maxlength="45" class="inputbox" /><br />
Password:<br />
<input name="password" type="password" tabindex="2" maxlength="55" class="inputbox" /><br />
<div align="center"><input type="submit" name="submit" value="Login" tabindex="3" class="inputbutton" /></div>
</form>
scarcella
11
Senior Software Architect
Recommended Answers
Jump to PostBesides the immediately glaring issues I see:
- The session isn't started in your code example e.g. session_start() isn't called.
- $_POST is not defined when you just load the form.
That query is also extremely vulnerable to SQL injection.
If you take the query:$sql = "SELECT * FROM …
Jump to Post-Marais
Personally I like PDO because the code is portable across all databases that PDO supports. There is more info on PDO prepared statements: http://www.php.net/manual/en/pdo.prepare.php
<?php /** * Takes …
Jump to PostSessions is really the only way to persist data over multiple requests in php. So yes in my opinion sessions would be the best way to use it over multiple requests.
Jump to PostBeware of session hijack though
Jump to Post-marases
Assuming you're using the PDO code I posted.
To iterate over the results of the query, the variable $rowset would contain a multidimensional array.
In theory your query should only return 0 or 1 rows, and to ensure this it should probably have a LIMIT 1 …
All 18 Replies
mschroeder
251
Bestower of Knowledge
Team Colleague
scarcella
11
Senior Software Architect
mschroeder
251
Bestower of Knowledge
Team Colleague
scarcella
11
Senior Software Architect
scarcella
11
Senior Software Architect
mschroeder
251
Bestower of Knowledge
Team Colleague
scarcella
11
Senior Software Architect
Stefano Mtangoo
455
Senior Poster
mschroeder
251
Bestower of Knowledge
Team Colleague
scarcella
11
Senior Software Architect
Stefano Mtangoo
455
Senior Poster
scarcella
11
Senior Software Architect
mschroeder
251
Bestower of Knowledge
Team Colleague
scarcella
11
Senior Software Architect
scarcella
11
Senior Software Architect
mschroeder
251
Bestower of Knowledge
Team Colleague
scarcella
11
Senior Software Architect
Stefano Mtangoo
455
Senior Poster
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.