I have written PHP code with many nested Here is my source code: These two other conditions are not working. I really do not know where my fault is. if conditions. I if conditions.
$ username = $ _POST ['username']; $ Password = $ _POST ['password']; If (! Empty ($ username) & amp; empty ($ password)) {$ query = "SELECT * from user where user name = '. $ Username.' And pass = '. $ Password.' "; $ Line = mysql_fetch_array ($ query); Calculation of $ = mysql_num_rows ($ query); If (($ calculation === 1) & amp; amp; ($ line ['username'] === $ user name] & amp; $ $ ['password'] === $ password )) {Session_destroy}; Session_start (); "Message" echo; } And {do_alert ("extraordinary warning"); }} And {do_alert ("extraordinary warning"); }
I think this will be done through your code under your code do_alert Follow me from
$ username = $ _POST ['username']; $ Password = $ _POST ['password']; If (! Empty ($ username) & amp; amp; blank ($ password)) {// if not empty $ query = ""; // This is an empty query $ row = mysql_fetch_array ($ query); // NADA calculates $ counts = mysql_num_rows ($ query); // Nada returns if (calculate $ (=== 1) & amp; amp; ($ line ['username'] === $ user name) & amp; ($ line ['password'] = == $ password)) {// Completely useless reason at this point is no line returned session_destroy (); Session_start (); "Message" echo; } Other {// this do_alert will not be executed ("extraordinary warning"); }} And {// this do_alert will be executed ("extraordinary warning"); // where is this function defined? } OK I commented on your code, where it went wrong. As you see, this happens beforehand, so it should be finally returned. Since I do not know where your do_alert code is defined, my guess is that this is your error.
First try to change it with resonance: echo "I'm a super-duper evil monkey"; See more that it works.
Edit
Because you've added your query now, I would also like to say that you should clean your input to make it more secure However, here the word safe is unobtrusive, because you are using an old mysql set. ( mysqli / pdo now have ways to go)
$ username = mysql_real_escape_string ($ _ POST ['user name']); $ Password = mysql_real_escape_string ($ _ POST ['password']); Why? easy. Look at it!
$ _ POST ['username'] = 'awesome'; $ _POST ['password'] = "'or' '='"; This will be something like that.
Select user where user = 'awesome' and password = '' or '' = '' And this would mean, everyone logged in Due to being empty, it always remains empty, just as a major source.
More info here:
Edit 2
// You do this for the first time with sessions You do not do this in your statement, because you are actually starting it, because you can not take advantage of session variables at the later stage on this page. Session_start (); // These variables come in a form by the name of the form, so we are going to do an inquiry if it actually comes from that form. $ Username = mysql_real_escape_string ($ _ POST ['username']); $ Password = mysql_real_escape_string ($ _ POST ['password']); If (! Empty ($ username) & amp; empty ($ password)) {$ query = "Selection name, password from user where name = '". $ Username "'and password ='". $ Password "'"; $ Line = mysql_fetch_array ($ query); Calculation of $ = mysql_num_rows ($ query); If (($ calculation === 1) & amp; amp; ($ line ['username'] === $ user name] & amp; $ $ ['password'] === $ password )) {Echo "message"; } Else {resonant "no enters";}} other {echo "failed to input some variables";} I have cleared some of my words, You may have to fix it, and after that I have decided a bit because you did not use the session with an appprofile.
Now where this message resonates, you should set a session variable when you After logging out, you can delete a session variable which you can use in the session If you can call, there is a login (on each page), you can see if it is excited, if so, then you are logged in. I hope this will help you.
No comments:
Post a Comment