0
<?php
include('./config.php');

// Protect against SQL injection
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password=hash('sha256',$password);


// SQL query that sends the login info to the database


$result = mysql_query ("SELECT * FROM admin WHERE Login ='$username' AND Password ='$password'",$con);
$check = mysql_num_rows ($result);


@session_start();


if ($check == 1) {
    while ($rows = mysql_fetch_array($result)) {
        $_SESSION['adminID'] = $rows['ID'];
        $_SESSION['username'] = $username;
    }
    // Redirect once the session values are set, and stop the script here.
    header('Location: ../home.php');
    exit;
} else {
    header('Location: ../index.php');
    exit;
}


?>

Please help me take a look at what's going on.
SESSION['username'] was working fine but SESSION['adminID'] is not registered... help~

0
<?php
ob_start();
session_start();
include('./config.php');

// Protect against SQL injection
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password=hash('sha256',$password);


// SQL query that sends the login info to the database


$result = mysql_query ("SELECT * FROM admin WHERE Login ='$username' AND Password ='$password'",$con);
$check = mysql_num_rows ($result);

if ($check == 1) {
    while ($rows = mysql_fetch_array($result)) {
        $_SESSION['adminID'] = $rows['ID'];
        $_SESSION['username'] = $username;
    }
    // Redirect once the session values are set, and stop the script here.
    header('Location: ../home.php');
    exit;
} else {
    header('Location: ../index.php');
    exit;
}


?>

Username will work, however, are you sure that 'ID' actually exists in the database?

0

Looks like a spelling/case error with your DB columns. As above, make sure that 'ID' is the actual name of the column, and not something like 'userID' or something similar.

You don't need to stripslashes if you're using real_escape_string().

Don't give idiots who try to hack your page more room to get a right answer. Treat slashes as an invalid character.

If you really want to add an extra layer of security, you should look into preg_match().
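
The advice in the replies above (no stripslashes, treat slashes as invalid, validate with preg_match()), as an added example that is not part of the original thread and not any poster's code. It uses PDO with a bound parameter instead of escaping; the in-memory SQLite database, the username pattern and the sample rows are assumptions made for the demo, while the table and column names follow the posted query.

```php
<?php
// Added example, not code from the thread. Table and column names (admin, ID,
// Login, Password) follow the posted query; the SQLite database, the username
// pattern and the sample rows are constructed for the demo.

// Returns the admin ID on success, or null when validation or the lookup fails.
function authenticate(PDO $db, string $username, string $password): ?int
{
    // Allow-list check: reject slashes, quotes and anything else unexpected
    // instead of trying to strip or escape it.
    if (preg_match('/^[A-Za-z0-9_]{3,32}$/', $username) !== 1) {
        return null;
    }
    // Placeholder keeps the value out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare('SELECT ID, Password FROM admin WHERE Login = :login');
    $stmt->execute([':login' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Same SHA-256 scheme as the thread, compared in constant time.
    // For new tables, password_hash()/password_verify() is the better choice.
    $candidate = hash('sha256', $password);
    return hash_equals($row['Password'], $candidate) ? (int) $row['ID'] : null;
}

// Constructed in-memory database standing in for config.php's connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (ID INTEGER PRIMARY KEY, Login TEXT UNIQUE, Password TEXT)');
$db->prepare('INSERT INTO admin (Login, Password) VALUES (?, ?)')
   ->execute(['site_admin', hash('sha256', 'correct horse')]);

// Constructed inputs: one valid login, one wrong password, one rejected name.
$attempts = [['site_admin', 'correct horse'], ['site_admin', 'wrong'], ["ad'min\\", 'x']];
foreach ($attempts as [$user, $pass]) {
    $id = authenticate($db, $user, $pass);
    printf("%-10s => %s\n", $user, $id === null ? 'rejected' : "adminID $id");
}

// In the real login script the result would be used like this:
//   session_start();                 // before any output, in every page that reads $_SESSION
//   if ($id !== null) {
//       session_regenerate_id(true); // new session ID after login
//       $_SESSION['adminID'] = $id;
//       header('Location: ../home.php'); exit;
//   }
//   header('Location: ../index.php'); exit;
```

Because the query selects the column by name, a misspelled or wrongly cased column fails loudly under PDO::ERRMODE_EXCEPTION instead of leaving a session value silently empty.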

0

Yes... the problem is solved. It was because my other PHP file did not contain session_start =)

Anyway... thank you.

0

If this thread is solved, please mark it as solved. And give respect to those who you think helped you.

Good luck :))!
