Solution:
- Why do you have to compare the passed-on data with the fetched data of your query? It is too redundant, and that loop will slow the process. All you have to do is to use *_num_rows if there is a match.
- Also consider using _real_escape_string() to sanitize POST data from your form before binding it in your query, or better yet, use a prepared statement.
- Your else statement will not work because when a user enters a credential that does not exist in your database, it will not enter the loop, which tends not to read the if-else statement.
Sample Code:
// Escape the submitted values before placing them in the SQL string.
$user = mysql_real_escape_string($_POST['fuser']);
$password = mysql_real_escape_string($_POST['fpassword']);
// Both values go inside single quotes within the double-quoted PHP string.
$query = "SELECT * FROM register WHERE user = '$user' AND password = '$password'";
$rs = mysql_query($query) or die("Query not Executed, Some Fault.");
if (mysql_num_rows($rs) > 0) {
    // header() must be called before any output is sent.
    header("Refresh:3; URL=dashboard.php");
    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
} else {
    header("Refresh:1; URL=form.php");
    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
}
Prepared Statement:
Reminder: the mysql_* API is deprecated, and I recommend that you use mysqli_* instead.
Establish your connection first using mysqli_*:
$con = new mysqli("localhost", "root", "", "php");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
Then, proceed to your code:
$user = $_POST['fuser'];
$password = $_POST['fpassword'];
// The ? placeholders keep the submitted values out of the SQL text.
$stmt = $con->prepare("SELECT * FROM register WHERE user = ? AND password = ?");
$stmt->bind_param("ss", $user, $password);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
    // header() must be called before any output is sent.
    header("Refresh:3; URL=dashboard.php");
    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
} else {
    header("Refresh:1; URL=form.php");
    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
}
$stmt->close();
Security:
Consider also encrypting your password when storing it in your database. I suggest you use at least password_hash.
solved This is a simple login page and somewhere code is not working in php [closed]
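The password_hash suggestion combined with the prepared-statement lookup, as an added example that is not part of the original answer. It assumes the password column of the register table holds password_hash() output; PDO with an in-memory SQLite database stands in for MySQL so the script runs without a server, and register_user and check_login are hypothetical helper names.

```php
<?php
// Added example. Table and column names follow the answer (register, user,
// password); the SQLite in-memory database is an assumption for offline use.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE register (user TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: store only the hash, never the submitted password.
function register_user(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare('INSERT INTO register (user, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $user, string $password): bool
{
    // Dummy hash verified when the user is unknown, so that case costs
    // about as much time as a wrong password for a known user.
    static $dummy = null;
    $dummy ??= password_hash('constructed-dummy-value', PASSWORD_DEFAULT);

    // Look the row up by user name only; the password never enters the SQL.
    $stmt = $db->prepare('SELECT password FROM register WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, $dummy);
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE register SET password = ? WHERE user = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

// Constructed sample data.
register_user($db, 'alice', 'correct horse battery staple');
var_dump(check_login($db, 'alice', 'correct horse battery staple'));
var_dump(check_login($db, 'alice', 'wrong password'));
var_dump(check_login($db, 'mallory', 'anything'));
```

With hashed passwords the query can no longer match on the password column, so the row is selected by user name and the comparison happens in password_verify().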