Jump to content
Please Use CODE Tags

Login system PHP

Bartb56
By Bartb56
in Programming
 Share
Go to solution Solved by leonfagan71,
1 minute ago, Bartb56 said:

I'm trying to make a login system in PHP but it keeps saying my login is wrong please help.

  


<?php
    session_start();
    include('dbconn.php');

    $username= $_POST['username'];
    $password= $_POST['password'];

    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

 

    $result = mysqli_query($con, "SELECT username, password FROM users WHERE username = '".$username."' AND password = '".$password."'");

    $count =mysql_num_rows($result);
        
    if ($count==1){
        header("Location: index.html");
    } else {
        echo"Nope";
    }
?>

 

You're using mysql_real_escape_string, change this to: 

$username = mysqli_real_escape_string($con, $username);

for example.

also, mysql_num_rows needs to be mysqli_num_rows

 

If you still have issues, PM me.

Regards,
Leon.

Posted

I'm trying to make a login system in PHP but it keeps saying my login is wrong please help. 


<?php
    session_start();
    include('dbconn.php');

    $username= $_POST['username'];
    $password= $_POST['password'];

    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

 

    $result = mysqli_query($con, "SELECT username, password FROM users WHERE username = '".$username."' AND password = '".$password."'");

    $count =mysql_num_rows($result);
        
    if ($count==1){
        header("Location: index.html");
    } else {
        echo"Nope";
    }
?>

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Solution
1 minute ago, Bartb56 said:

I'm trying to make a login system in PHP but it keeps saying my login is wrong please help.

  


<?php
    session_start();
    include('dbconn.php');

    $username= $_POST['username'];
    $password= $_POST['password'];

    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

 

    $result = mysqli_query($con, "SELECT username, password FROM users WHERE username = '".$username."' AND password = '".$password."'");

    $count =mysql_num_rows($result);
        
    if ($count==1){
        header("Location: index.html");
    } else {
        echo"Nope";
    }
?>

 

You're using mysql_real_escape_string, change this to: 

$username = mysqli_real_escape_string($con, $username);

for example.

also, mysql_num_rows needs to be mysqli_num_rows

 

If you still have issues, PM me.

Regards,
Leon.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

I would recommend using prepared statements instead of escaping

 

https://stackoverflow.com/questions/24716560/do-i-need-to-escape-my-variables-if-i-use-mysqli-prepared-statements

Quote

No, if you use prepared statements everywhere in your application you are safe from SQL injection. However, an important "gotcha" is 2nd order injection attacks which happen when some queries use prepared statements and others don't.

 

Quote or mention me if not feel ignored 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×