Jump to content

login in php


Recommended Posts

how i login in php through oracle database. please experts help me in login form php through oracle perfect code

    $username = $_POST["username"];
    $password = $_POST["password"];
    $con = oci_connect("user","pswrd","db");
    if(! $con)
        die('Connection Failed'.oci_error());
    $query = "SELECT username, password FROM users
    WHERE username=$username";
    $stmt = oci_parse($conn, $query);
    $row = oci_fetch_array($stmt, OCI_NUM);;
    if($row["username"]==$username && $row["password"]==$password)
        echo"You are a validated user.";
        echo"Sorry, your credentials are not valid, Please try again.";

and my html code is here...

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 

<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<form method="post" action="login.php" >
  <table border="1" >
                <td><label for="username">username</label></td>
                <td><input type="text" 

                  name="username" id="username"></td>
                <td><label for="password">Password</label></td>
                <td><input name="password" 

                  type="password" id="password"></input></td>
                <td><input type="submit" value="Submit"/>
                <td><input type="reset" value="Reset"/>
Edited by NA05
Link to comment
Share on other sites

Like all SQL products, code like this is susceptible to SQL injection.


You want to utilize bind(bound) variables.   This page talks about the OCI drivers support for this:  http://php.net/manual/en/function.oci-bind-by-name.php


This is a pet peeve of mine, but I don't like to use double quotes, when I can use single quotes.  


if($row['username'] == $username && $row['password'] == $password)
    echo"You are a validated user.";
    echo 'Sorry, your credentials are not valid, Please try again.';
Use double quotes when you want interpolation (variable substitution). The obvious thing here is what you are going to do with this login. Often people will set some variables in a session.



if($row['username'] == $username && $row['password'] == $password) {
    echo"You are a validated user.";
    $_SESSION['username'] = $row['username'];
    $_SESSION['isLoggedIn'] = true;
} else {
    echo 'Sorry, your credentials are not valid, Please try again.';
Last but not least, your variable should be hashed or encrypted. This code assumes plain text passwords. No system should be storing plain text passwords.


Fortunately, PHP has made good password storage practices very easy for you -- use these:




Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.