ShaneWalford Posted September 27, 2016 Share Posted September 27, 2016 Hi I am getting the above error on line highlighted In red below but cannot work out why. Any ideas? <?phpsession_start(); if(isset($_SESSION['usr_id'])!="") { header("Location: index.php");} include_once 'dbconnect.php'; //check if form is submittedif (isset($_POST['login'])) { $email = mysqli_real_escape_string($con, $_POST['email']); $password = mysqli_real_escape_string($con, $_POST['password']); $result = mysqli_query($con, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'"); if ($row = mysqli_fetch_array($result)) { $_SESSION['usr_id'] = $row['id']; $_SESSION['usr_name'] = $row['name']; header("Location: index.php"); } else { $errormsg = "Incorrect Email or Password!!!"; }}?> <!DOCTYPE html><html><head> <title>PHP Login Script</title> <meta content="width=device-width, initial-scale=1.0" name="viewport" > <link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" /></head><body> <nav class="navbar navbar-default" role="navigation"> <div class="container-fluid"> <!-- add header --> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar1"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="index.php">Koding Made Simple</a> </div> <!-- menu items --> <div class="collapse navbar-collapse" id="navbar1"> <ul class="nav navbar-nav navbar-right"> <li class="active"><a href="login.php">Login</a></li> <li><a href="register.php">Sign Up</a></li> </ul> </div> </div></nav> <div class="container"> <div class="row"> <div class="col-md-4 col-md-offset-4 well"> <form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform"> <fieldset> <legend>Login</legend> <div class="form-group"> <label for="name">Email</label> <input type="text" name="email" placeholder="Your Email" required class="form-control" /> </div> <div class="form-group"> <label for="name">Password</label> <input type="password" name="password" placeholder="Your Password" required class="form-control" /> </div> <div class="form-group"> <input type="submit" name="login" value="Login" class="btn btn-primary" /> </div> </fieldset> </form> <span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span> </div> </div> <div class="row"> <div class="col-md-4 col-md-offset-4 text-center"> New User? <a href="register.php">Sign Up Here</a> </div> </div></div> <script src="js/jquery-1.10.2.js"></script><script src="js/bootstrap.min.js"></script></body></html> Thank in advance Shane Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted September 27, 2016 Share Posted September 27, 2016 It sounds like there is an error in the query. For debugging purposes, you could use mysqli_error(). For example $result = mysqli_query($con, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'") or die(mysqli_error($con)); Side note: in case you're not aware, md5() isn't recommended for securing passwords. More information can be found here: http://php.net/manual/en/function.md5.php#refsect1-function.md5-notes Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 27, 2016 Share Posted September 27, 2016 Also, $password = mysqli_real_escape_string($con, $_POST['password']); Do not use any type of escaping on passwords. Once you hash the password it is safe for use within a DB query - but you should really be using prepared statements anyway so you don't have to escape any values. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.