I am trying to create a login page but I have a problem where the data is not being sent. Can any one help me out.
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);
$sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA1('$mypassword')";
$result=mysql_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "admin.php"
session_register("admin");
session_register("password");
$_SESSION['name']= $myusername;
header("location:admin.php");
}
else {
$msg = "$username $password $myusername $mypassword $sql $result Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
}
And the output I get is:
test test123 SELECT * FROM login_admin WHERE user_name=\’\’ and user_pass=SHA1(\’\’) Wrong Username or Password. Please retry
You have to supply a $link identifier as the first argument in mysqli_real_escape_string so those lines should look more like
where $dbconn is the link you get back from
mysqli_connect. You’re also using mysql_query and mysql_num_rows when you should be using their mysqli_ equivalents if you’re going to be switching to the mysqli_* set of functions.I’d strongly recommend switching to mysqli (or PDO) over using the (now legacy) mysql functions. PHP.net provides information about why.