//Start session
	//Include database connection details
	//Array to store validation errors
	$errmsg_arr = array();
	//Validation error flag
	$errflag = false;
	//Connect to mysql server
	$link = mysql_connect('localhost','root','');
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	//Select database
	$db = mysql_select_db(shop);
	if(!$db) {
		die("Unable to select database");
	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		return mysql_real_escape_string($str);
	//Sanitize the POST values
	$login = $_POST['login'];
	$password = $_POST['password'];
	//Input Validations
	if($login == '') {
		$errmsg_arr[] = 'Login ID missing';
		$errflag = true;
	if($password == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	//If there are input validations, redirect back to the login form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		header("location: login-form.php");
	//Create query
	$qry="SELECT * FROM employee WHERE username='$login' AND passwd='".md5($_POST['password'])."'";
	//Check whether the query was successful or not
	if($result) {
		if(mysql_num_rows($result) == 1) {
			//Login Successful
			$member = mysql_fetch_assoc($result);
			$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
			$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
			$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
			header("location: navigator.html");
		}else {
			//Login failed
			header("location: login-failed.php");
	}else {
		die("Query failed");

In the above php code the password check is not working. In my table i have the columns username and passwd ant in my form i have the textbox name as username and password. Session are not a problem. But the password check is not working. Below i've pasted my form code. Kindly help me with this problem as soon as possible.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Form</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
      <td width="112"><b>Login</b></td>
      <td width="188"><input name="login" type="text" class="textfield"/></td>
      <td><input name="password" type="password" class="textfield"/></td>
      <td><input type="submit" name="Submit" value="Login" /></td>
7 Years
Discussion Span
Last Post by cwarn23

is the query failing?

is the # of rows returned not == 1?

have you tried echoing the sql and running it in a sql client to see what happens?

also, "my code doesnt work" is hard to debug. Try to be more specific.


Everything is fine without the use of md5. But if i put md5 to encrypt the password its not working. While registering also i'm putting md5 and for login also i'm using md5. But i don't know why its not working when i use md5. Pls reply me as soon as possible. Thanks :-)


Have you tried a debug?

Example, set the value of the password in the database in a variable called $dbpw, then create a variable by using $userpw = md5($_POST['password'];

Then echo the two to the screen from a test script. See if they are the same first.

Edited by mike_2000_17: Fixed formatting


Try making this line 58 and 59

$qry='SELECT * FROM employee WHERE username="'.mysql_real_escape_string($login).'" AND passwd="'.mysql_real_escape_string(md5($_POST['password'])).'"';
$result=mysql_query($qry) or die(mysql_error());

I have added some debugging functions which should help resolve the error.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.