hye guys..
i have a problem where i did’nt knw what the error
i have validate page where its checks the group to identify the user
if the group is admin, the adminpage will appear..
while if the group is user, the userpage will appear..
situation:when i insert the username and password, the validate page appear with the blank page…i dont know what wrong with the code…
plz guys..help me..
here’s the code:
<?php
session_start();
if($_POST['id']!=null && $_POST['pass']!=null){
$username=$_POST['id'];
$password=$_POST['pass'];
$link=@mysql_connect('localhost','root')
or die("Could not connect".mysql_error());
if (!@mysql_select_db("fyp",$link)){
echo mysql_error();
}
$db_select = mysql_select_db('fyp',$link);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
$sql="SELECT * from access where username='".$username."' AND password='".$password."'";
$result=mysql_query($sql);
if(!$result){
die(mysql_error());
}
$numrecord=mysql_num_rows($result);
if($numrecord>0){
if($group=="admin" ){
$_SESSION['id']=$username;
$_SESSION['pass']=$password;
$_SESSION['group'] = $row['group'];
mysql_close($link);
header("Location:adminpage.php");
}
elseif($group=="user"){
$_SESSION['id']=$username;
$_SESSION['pass']=$password;
$_SESSION['group'] = $row['group'];
mysql_close($link);
header("Location:userpage.php");
}
}
else{
mysql_close($link);
header("Location:login.php?error=2");
}
}
else{
header("Location:login.php?error=1");
}
?>
You are not using
mysql_fetch_arrayor other function to actually fetch the rows from databse. Try this:Also, you need to use
mysql_real_escape_stringfunction in your query to avoid security issues.