NA05 Posted December 27, 2017 (edited)

How do I log in with PHP through an Oracle database? Please, experts, help me with a login form in PHP through Oracle, with perfect code.

    <?php
    $username = $_POST["username"];
    $password = $_POST["password"];

    $con = oci_connect("user", "pswrd", "db");
    if (!$con) {
        // oci_error() returns an array; print its message field
        $e = oci_error();
        die('Connection Failed: ' . $e['message']);
    }

    // User input is concatenated directly into the SQL text
    $query = "SELECT username, password FROM users WHERE username='$username'";
    $stmt = oci_parse($con, $query);
    oci_execute($stmt);
    // OCI_ASSOC indexes by column name; Oracle returns unquoted names in upper case
    $row = oci_fetch_array($stmt, OCI_ASSOC);

    if ($row && $row["USERNAME"] == $username && $row["PASSWORD"] == $password)
        echo "You are a validated user.";
    else
        echo "Sorry, your credentials are not valid, Please try again.";
    ?>

And my HTML code is here...

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>form</title>
    </head>
    <body>
    <form method="post" action="login.php">
      <table border="1">
        <tr>
          <td><label for="username">username</label></td>
          <td><input type="text" name="username" id="username"></td>
        </tr>
        <tr>
          <td><label for="password">Password</label></td>
          <td><input name="password" type="password" id="password"></td>
        </tr>
        <tr>
          <td><input type="submit" value="Submit"/></td>
          <td><input type="reset" value="Reset"/></td>
        </tr>
      </table>
    </form>
    </body>
    </html>

gizmola Posted December 28, 2017

Like all SQL products, code like this is susceptible to SQL injection. You want to utilize bind (bound) variables. This page talks about the OCI driver's support for this: http://php.net/manual/en/function.oci-bind-by-name.php

This is a pet peeve of mine, but I don't like to use double quotes when I can use single quotes.

    // Oracle returns unquoted column names as upper-case keys
    if ($row['USERNAME'] == $username && $row['PASSWORD'] == $password)
        echo "You are a validated user.";
    else
        echo 'Sorry, your credentials are not valid, Please try again.';

Use double quotes when you want interpolation (variable substitution).

The obvious thing here is what you are going to do with this login. Often people will set some variables in a session.

    // Requires session_start() earlier in the request
    if ($row['USERNAME'] == $username && $row['PASSWORD'] == $password) {
        echo "You are a validated user.";
        $_SESSION['username'] = $row['USERNAME'];
        $_SESSION['isLoggedIn'] = true;
    } else {
        echo 'Sorry, your credentials are not valid, Please try again.';
        unset($_SESSION['username']);
        unset($_SESSION['isLoggedIn']);
    }

Last but not least, your variable should be hashed or encrypted. This code assumes plain text passwords. No system should be storing plain text passwords. Fortunately, PHP has made good password storage practices very easy for you -- use these:

https://secure.php.net/manual/en/function.password-hash.php
https://secure.php.net/manual/en/function.password-verify.php
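
Added example (not part of either post above): the login check from this thread with the two changes the reply recommends, a bound variable via oci_bind_by_name() and password_verify() in place of the plain-text comparison. It assumes the users.password column stores password_hash() output; check_login() is a hypothetical helper name, and the connection values are the placeholders from the question.

```php
<?php
// Added example. Assumption: users.password holds password_hash() output.
session_start();

function check_login($con, string $username, string $password): bool
{
    // :uname is a placeholder; the submitted value never becomes SQL text.
    $stmt = oci_parse($con, 'SELECT username, password FROM users WHERE username = :uname');
    oci_bind_by_name($stmt, ':uname', $username);
    if (!oci_execute($stmt)) {
        error_log('login query failed: ' . oci_error($stmt)['message']);
        return false;
    }
    // Unquoted Oracle column names come back as upper-case array keys.
    $row = oci_fetch_array($stmt, OCI_ASSOC);
    oci_free_statement($stmt);

    // Unknown user and wrong password get the same answer.
    if ($row === false || !password_verify($password, (string) $row['PASSWORD'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['username'] = $row['USERNAME'];
    $_SESSION['isLoggedIn'] = true;
    return true;
}

$con = oci_connect('user', 'pswrd', 'db'); // placeholder values from the question
if (!$con) {
    // Log the driver detail server-side; do not echo it to the browser.
    error_log('oci_connect failed: ' . oci_error()['message']);
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// is_string() rejects array-valued fields such as username[]=x.
if (is_string($username) && is_string($password) && check_login($con, $username, $password)) {
    echo 'You are a validated user.';
} else {
    unset($_SESSION['username'], $_SESSION['isLoggedIn']);
    echo 'Sorry, your credentials are not valid, Please try again.';
}
```

Rows for this table would be created with password_hash($password, PASSWORD_DEFAULT) at registration time, so existing plain-text values need to be re-hashed before this check can succeed.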