login in php


#1 NA05

Posted 27 December 2017 - 05:06 AM

How do I log in with PHP through an Oracle database? Please, experts, help me with a login form in PHP through Oracle, perfect code.

    $username = $_POST["username"];
    $password = $_POST["password"];
    $con = oci_connect("user","pswrd","db");
    if(! $con)
        die('Connection Failed'.oci_error()['message']);
    $query = "SELECT username, password FROM users
    WHERE username=$username";
    $stmt = oci_parse($con, $query);
    oci_execute($stmt);
    // Oracle returns unquoted column names in upper case
    $row = oci_fetch_array($stmt, OCI_ASSOC);
    if($row && $row["USERNAME"]==$username && $row["PASSWORD"]==$password)
        echo"You are a validated user.";
    else
        echo"Sorry, your credentials are not valid, Please try again.";

And my HTML code is here...

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <form method="post" action="login.php">
      <table border="1">
        <tr>
          <td><label for="username">username</label></td>
          <td><input type="text" name="username" id="username"></td>
        </tr>
        <tr>
          <td><label for="password">Password</label></td>
          <td><input name="password" type="password" id="password"></td>
        </tr>
        <tr>
          <td><input type="submit" value="Submit"></td>
          <td><input type="reset" value="Reset"></td>
        </tr>
      </table>
    </form>

Edited by NA05, 27 December 2017 - 05:09 AM.

#2 gizmola

Posted 28 December 2017 - 12:31 AM

Like all SQL products, code like this is susceptible to SQL injection.
You want to utilize bind (bound) variables. This page talks about the OCI driver's support for this: http://php.net/manua...ind-by-name.php
This is a pet peeve of mine, but I don't like to use double quotes when I can use single quotes.

    // Oracle returns unquoted column names in upper case
    if($row['USERNAME'] == $username && $row['PASSWORD'] == $password)
        echo "You are a validated user.";
    else
        echo 'Sorry, your credentials are not valid, Please try again.';

Use double quotes when you want interpolation (variable substitution).

The obvious thing here is what you are going to do with this login. Often people will set some variables in a session.

    // Oracle returns unquoted column names in upper case
    if($row['USERNAME'] == $username && $row['PASSWORD'] == $password) {
        echo "You are a validated user.";
        $_SESSION['username'] = $row['USERNAME'];
        $_SESSION['isLoggedIn'] = true;
    } else {
        echo 'Sorry, your credentials are not valid, Please try again.';
    }

Last but not least, your variable should be hashed or encrypted. This code assumes plain text passwords. No system should be storing plain text passwords.

Fortunately, PHP has made good password storage practices very easy for you -- use these:
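
The points raised in the reply above (a bind variable through `oci_bind_by_name`, hashed passwords, session variables) combined into one `login.php`, as an added example that is not code from either poster. It assumes the oci8 extension, the thread's `users` table and connection arguments, and that the `password` column stores `password_hash()` output; `check_login` is a hypothetical helper name.

```php
<?php
// Added example, not from the thread. Assumption: users.password was filled
// at registration with password_hash($password, PASSWORD_DEFAULT).

/** True only when the user exists and the password matches the stored hash. */
function check_login($con, string $username, string $password): bool
{
    // The SQL text is constant; the user-supplied value travels separately
    // in the :username bind variable and is never parsed as SQL.
    $stmt = oci_parse($con, 'SELECT username, password FROM users WHERE username = :username');
    oci_bind_by_name($stmt, ':username', $username);
    if (!oci_execute($stmt)) {
        error_log(oci_error($stmt)['message']); // details go to the server log only
        return false;
    }
    // Oracle returns unquoted column names in upper case.
    $row = oci_fetch_array($stmt, OCI_ASSOC);
    oci_free_statement($stmt);
    if ($row === false) {
        return false; // unknown user
    }
    // OCI_ASSOC omits NULL columns, so fall back to an empty hash (never verifies).
    return password_verify($password, $row['PASSWORD'] ?? '');
}

session_start();
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

$con = oci_connect('user', 'pswrd', 'db');
if (!$con) {
    error_log(oci_error()['message']);
    http_response_code(500);
    exit('Connection failed');
}

// is_string() rejects array-valued form fields such as username[]=x.
if (is_string($username) && is_string($password) && check_login($con, $username, $password)) {
    session_regenerate_id(true); // issue a fresh session id at login
    $_SESSION['username'] = $username;
    $_SESSION['isLoggedIn'] = true;
    echo 'You are a validated user.';
} else {
    echo 'Sorry, your credentials are not valid, Please try again.';
}
```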

