DISPLAYS THE [ELSE] AT THE END. INPUT IS CORRECT.
// blank on purpose
$host="localhost";
$username="";
$password="";
$db_name="";
$tbl_name="";
// connect to the server and select database
mysql_connect("$host","$username","$pa... die("cannot connect");
mysql_select_db("$db_name")or die("cannot connect");
// email and password from signup
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting the table row
$count=mysql_num_rows($result);
// if result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// register $myemail, $mypassword and redirect to a success page
session_register("myusername");
session_register("mypassword");
header("location:index.php");
}
else {
echo"wrong username ..."
// put this here to see if it helps from being first on page.
include ("includes/header.php");
Can someone help with this php code?
mysql_num_rows() does not always work as expected. The only way to guarantee that a row exists in the results is to do a mysql_fetch_row().
BTW, your SQL query is vulnerable to various SQL injection techniques. Major security hole!
Can someone help with this php code?
Maybe the username is not exist
or
The password in the database is stored using encryption function, like MD5 or PASSWORD.
If it's true, in your $sql, write :
".......... and password = 'MD5($mypassword)'"
Is it helpful?
