Share this question

Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.

This is a collaboratively edited question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.

PHP login script error?

0 like 0 dislike

I'm writing a script for login system for my project. I thought I am correct in coding this, but it gives me problem. And the problem is that it does not allow to log me in and redirects to login.php page. Below is the code;


$tabName = "adminuser";
$userName = $_POST['userName'];
$password = $_POST['password'];
    header('location: login.php');
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = md5(mysql_real_escape_string($password));

$sqlQuery = "SELECT * FROM $tabName WHERE userName = '".$userName."' 
             AND password = '".$password."' LIMIT 1";
$sqlExe = mysql_query($sqlQuery);

$count = mysql_num_rows($sqlExe);

if($count > 0){
    header('location: index.php');
    $_SESSION['auth'] = 1;
    echo "Wrong Username or Password <br />".
    '<a href="login.php">Go back...</a>';

Here is seesion code on "index.php" page


if(!isset($_SESSION['auth']) or $_SESSION['auth'] != 1){
    header('location: login.php');

Please correct me and let me know where im wrong. And please also tell me that, Is my code is sql injection safe?

asked Dec 31, 2011 by anonymous  
edited Jul 4, 2012 by sarwana

1 Answer

0 like 0 dislike
Best answer

Your code looks OK to me. The only thing is missing from your code.

you need this line after the <?php session_start();

This then should work.

answered Dec 31, 2011 by anonymous  
selected Nov 6, 2012 by sarwana