0
----Query was empty---
at
---$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result=@mysql_query($sql) or die(mysql_error()); ---


<html>
<body>
<form action="login.php" method="post">
<div>
<table width="100%">
<tr>
<td><img src="Logofinalcopy.gif"></td>
</tr>
<tr>
<td bgcolor="aqua"><h2>Login</h2></td>
</tr></table>
<table align="right" style="width:40%">
<br>
<tr>
<td>username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td align="CENTER" COLSPAN="4">
<input TYPE="SUBMIT" name="submit" value="Login">
<input TYPE="reset" name="submit" value="clear"></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
 $con = @mysql_connect("10.70.1.50","invensis","invensis");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
 $con_db=@mysql_select_db("database_myproject",$con);
if (!$con)
  {
  die('Could not connect DB: ' . mysql_error());
  }

  $username=$_POST['username'];
  $password=$_POST['password'];

  $username = stripslashes($username);
  $password = stripslashes($password);
  $username = mysql_real_escape_string($username);
  $password = mysql_real_escape_string($password);

  $flag="OK";  
  $msg=""; 
     
 if(strlen($username) < 1)
   {
          $msg=$msg."Please enter the username<br>";
          $flag="NOTOK"; 
   }
 if(strlen($password) < 1)
   {
        $msg=$msg."Please enter the password<br>";
        $flag="NOTOK";  
   }
  if($flag <>"OK")
  {
  echo "<strong style='color:#FF3333'>"."<left >Please enter Username or Password  </left>"."</strong>";
  }
  else
    {
    $sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result=@mysql_query($sql) or die(mysql_error()); 

    $count= mysql_num_rows($result);
    echo "$count";
    if($count==1)
       {
            $sql = mysql_query("SELECT role FROM users WHERE username='$username' AND password='$password'");
            while($info = @mysql_fetch_array($sql))
            {
                if($info['role']=='Super Admin')
                {
                    @header('location: [url]http://localhost/Project/Superadmin.php');[/url]
                } 
                else if($info['role']=='Admin')
                {
                    @header('location: [url]http://localhost/Project/Admin.php');[/url]
                } 
                else if($info['role']=='User')
                {
                    @header("location: http://localhost/Project/User.php");
                } 
            }    
        
        } 
        else 
        {
            echo "<strong style='color:#FF3333'>Incorrect User Name OR Password</strong>";
        }
      
}
}
?>

Edited by nav33n: Use [code][/code] tags to wrap your code for easy readability.

3
Contributors
3
Replies
4
Views
7 Years
Discussion Span
Last Post by phpuser
0

hi

Your query will come like

"$sql="SELECT * FROM users WHERE username='".$username."' AND password='".$password."'";

Please try with this one and let me know if still any problem comes

0

Hiiee

Use This Query

$sql="SELECT * FROM users WHERE username="'.$username.'" AND password="'.$password.'" ";

InStead Of This

$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";

Check & Let Me Know If U Find Anything Else.

Do It For All Queries In Ur File. That Will Work.

Thanks.
ScmSimplyBest

Edited by scmsimplybest: n/a

0

Do one thing ,

echo you $sql variable in your script then write die(); so when you run code you will see that query only.

Now take that query and run it in PHPMYADMIN and check is it right or your get result from same ??

may be you can get some idea wheres the problem is ?

Best luck..

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.