hi all,
my database name is “test”.in the “test” database
i have created a table name called “log” which has two fields
namely username and password.
i have given username as “admin” and password as “admin123”.
now i have written one code using php so that when i click the submit button both the username as “admin” and password as “admin123” gets matched then it should direct to the next page…
tell me how to check whether username and passwords are matching and if it matches it must point to the action part what we give in <form method=“POST” action=“www.php”>
kindly tell me what i must add to the below program…
below is the code in php…
<?php
$host="localhost";
$username="root";
$password="";
$db_name="test";
$tbl_name="log";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else
{
echo "Wrong Username or Password";
}
?>
With the current code, it should work if your field names are “myusername” and “mypassword” and the content entered matches that in the database.
You might also want to read this to get familiar with the way PHP handles forms.
Additionally, for security reasons it’s better to save your passwords using a one-way encryption mechanism like md5 or sha1, so your passwords are not stored in plain text in your database.
in database my field names are username and password…
by adding the extra thing below is it correct…
for me it is displaying the message “wrong username or password”.
tell me how to do…
it is not for security reasons.just a simple one…
<?php
$host="localhost";
$username="root";
$password="";
$db_name="test";
$tbl_name="log";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else
{
echo "Wrong Username or Password";
}
?>
<form action="foo.php" method="post">
UserName: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Submit" />
</form>