Recognizing data

Philosophaie · May 27, 2014, 9:33am

I am having trouble with the php statements in session.php to recognize the result of the correct $user and $pass.
I have a MySQL table called “register” with usernames and passwords,

session.php

<?php
	$result="";
	$user = filter_input(INPUT_POST, "user");
	$pass = filter_input(INPUT_POST, "pass");
	if ($user!=null And $pass!=null){
		$conn = mysql_connect(connectionstring works);
		mysql_select_db('db1');
		$sql = "SELECT * FROM register WHERE username=$user And password=$pass;";
		$result = mysql_query($sql, $conn);
	}
	if ($result==null) {
		return header("Location: http://www.philosophaie.com/htmlphp/secure_login.htm");
	}
?>

Patche · May 27, 2014, 9:50am

You could try using mysql_num_rows();


if(mysql_num_rows($result) == 0) {
echo"bad login";
}

Philosophaie · May 27, 2014, 10:05am

I changed $sql to this but it still did not work:

$sql = "SELECT * FROM register WHERE username=" & $user & " And password=" & $pass & ";";