Home/ Questions/Q 740551
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T08:31:44+00:00

<?php include ‘lib/db_conn.php’; $uid=$_REQUEST[‘uid’]; $pass=$_REQUEST[‘pass’]; if(($uid==NULL && $pass==NULL) ||($uid==NULL) ||($pass==NULL)) { header(location:index.php?msg=Fields can’t be

  • 0
<?php
include 'lib/db_conn.php';
$uid=$_REQUEST['uid'];
$pass=$_REQUEST['pass'];
if(($uid==NULL && $pass==NULL) ||($uid==NULL) ||($pass==NULL))
{
    header("location:index.php?msg=Fields can't be left blank..");
}

$pass=md5($pass);
$sql1="SELECT * FROM `tb_user` WHERE `email`='$uid' AND `pass`='$pass'";
$rs1=mysql_query($sql1) or die (mysql_error());
$row1=mysql_fetch_array($rs1) or die (mysql_error());
$email=$row1['email'];
if($uid==$email)
{
        session_start();
        $_SESSION['id']=$row1['id'];
        header("location:home.php");
}
else
{
header("location:index.php?msg=Wrong Credentials..");
}
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    it is better not to write a message in the address bar but just tokenize it, i.e.:

    header("location:index.php?msg=wcred");

    and in the index.php:

    if ($_GET['msg'] == "wcred") echo "Wrong Credentials..";

    And, as Kai mentioned, $uid=$_REQUEST['uid']; must be

    $uid=mysql_real_escape_string($_REQUEST['uid']);

    Also, as dnagirl mentioned, field emptiness checking is wrong.
    Also, as I am to mention, exit must follow any location header

    <?php
if((empty($_REQUEST['uid']) OR empty($_REQUEST['pass'])) {
    header("location:index.php?msg=fempty");
    exit;
}
include 'lib/db_conn.php';

$pass=md5($_REQUEST['pass']);
$pass=mysql_real_escape_string($pass);
$uid=mysql_real_escape_string($_REQUEST['uid']);

$sql1="SELECT * FROM `tb_user` WHERE `email`='$uid' AND `pass`='$pass'";
$rs1=mysql_query($sql1) or die (mysql_error());
$row1=mysql_fetch_array($rs1) or trigger_error(mysql_error());
if($row1) {
    session_start();
    $_SESSION['id']=$row1['id'];
    header("location:home.php");
    exit;
} else {
    header("location:index.php?msg=wcred");
    exit;
}
?>
    • 0