Stupid string.

[matthew798]

Hey guys.

 

Error check:

"SELECT password FROM users WHERE username = '$_POST['username']'"

 

heres the error btw

 

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Program Files\EasyPHP 2.0b1\www\admin\loginprocess.php on line 13

[BlueSkyIS]

what's the error?

 

mysql_query($sql) or die(mysql_error(). " in $sql");

[matthew798]

just edited it in

[corbin]

Don't know if this is it or not since you gave us basically no code, but try:

 

"SELECT password FROM users WHERE username = '{$_POST['username']}'"

 

 

Also, unless you're sanitizing your input somewhere else, you should Google SQL injection.

[BlueSkyIS]

is that on a line by itself without assigning it to a variable? maybe you should show more of the code...

[matthew798]

<?php
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];

if (!empty($_SESSION['username']) || !empty($_SESSION['password'])){
echo 'Please us the back button to enter a valid username/password';
exit();
}

include 'dbconnect.php';

$q = "SELECT password FROM users WHERE username = '$_POST['username']'";
$datapass = mysql_query($q);
or die(mysql_error()); 

if($_SESSION['password'] == $datapass){
echo 'Logging in!';
}else{
echo 'Invalid password';
and die();
} 
?>

 

And yes its secure with mysql_real_escape_string on every input

[DarkWater]

Arrays need to be enclosed by { } inside of double-quoted strings.