cool_techie Posted February 13, 2011 Share Posted February 13, 2011 I have a login script which is showing problem. The problem is that when my username and password are correct it directs to index.php page and displays the correct username there. But if the password is wrong it still directs to the same page instead of different(err-login.php) page,but this time no username is displayed. index.php: the password verifying code is as follows(the whole code of index.php is not mentioned since it is too long and a bit messy) <code> <?php $connection=mysql_connect("localhost","root",""); mysql_select_db("forum",$connection); $select=mysql_query("SELECT * FROM user_id WHERE uname='$_REQUEST[uname]'",$connection); $row=mysql_fetch_array($select); if($row['password']==$_REQUEST['password']){ session_start(); $_SESSION['name']=$_REQUEST['uname']; } else{ header("Location:err-login.php"); } ?> </code> NOTE:-The name of my db and table are correct. I have referred to username as uname. Quote Link to comment https://forums.phpfreaks.com/topic/227549-login-scriptproblem/ Share on other sites More sharing options...
lastkarrde Posted February 13, 2011 Share Posted February 13, 2011 Sanitise your $_REQUEST inputs with mysql_real_escape_string(). $uname = mysql_real_escape_string($_REQUEST['uname']); $password = mysql_real_escape_string($_REQUEST['password']); Change your SQL query so it searches for WHERE uname='$uname' AND password='$password' Quote Link to comment https://forums.phpfreaks.com/topic/227549-login-scriptproblem/#findComment-1173770 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.