Home/ Questions/Q 7862803
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T23:17:15+00:00

That’s the code <?php //Start session session_start(); //Then we retrieve the posted values for

  • 0

That’s the code

<?php

//Start session
session_start();

//Then we retrieve the posted values for user and password.
$username = $_POST['username'];
$password = $_POST['password'];

//Users defined in a SQLite database
$db = new PDO("sqlite:/www/test.db");
$result = $db->query("SELECT COUNT(*) FROM users WHERE Username = '$username' AND Password = '$password'");

if ($result > 0)
{
  //If user and pass match any of the defined users
  $_SESSION['loggedin'] = true;
  // close the database connection
  unset($db);
  header("Location: index.php");
};

//If the session variable is not true, exit to exit page.
if(!$_SESSION['loggedin'])
{
  // close the database connection
  unset($db);
  header("Location: login.html");
  exit;
};

?>

Database schema:

Username TEXT NOT NULL PRIMARY KEY UNIQUE, Password TEXT

The only row countains Username=’admin’ and Password=’admin’

Any ideas why the script redirects me everytime to index.php even when the username and password are not in the database?

Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    $db->query will return a resource if no error was encountered. Not the results of the query. So since your query executes just fine you’re getting a resource handle which will always be > 0. That’s why it seems everyone is successfully logging in.

    You need to get the results of your query and check to see if the value of COUNT(*) is greater then zero (or equal to 1).

    • 0