There is code to check if the user has entered the right password or not.
    if (isset($_POST['userpassword']))
    {
        include('db.php');
        //I have used the name passwordu instead of password in the database as well.
        $query = "SELECT * FROM users WHERE username = '".$_REQUEST['username']."' AND passwordu = '".md5($_REQUEST['userpassword'])."';";
        $result = mysql_query($query);
        if ($result){ //THIS IS WHERE I FEEL THE ERROR IS
            echo "Congratulations. You are now Logged in. You will be logged out when the Browser is closed.";
            $_SESSION['logval'] = TRUE; //Sets the User Logged in for the complete session.
        }
        else echo "Sorry, You Entered Wrong Info.";
    }
However, even if a wrong password is entered it accepts the log in.
What is wrong here?
Also, if I am making a conceptual mistake, please tell me the right way to check if the user has entered the right information.
To be completely honest – what is wrong is the code is allowing MySQL Injections.
But for your code, use mysql_num_rows().
mysql_query() returns true if the query was successful, false if not.
mysql_num_rows() counts the rows.
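
Both points of the answer above in one sketch, added here as an example and not part of the original answer: the login decision is made on whether a row came back, and the username is passed as a bound parameter instead of being concatenated into the SQL. Assumptions: PDO is used because the mysql_* functions were removed in PHP 7, an in-memory SQLite table with constructed data stands in for the users table, check_login() is a hypothetical helper, and password_hash()/password_verify() replace md5().

```php
<?php
// Constructed demo data: an in-memory SQLite database stands in for the
// page's `users` table (columns username, passwordu). Requires pdo_sqlite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, passwordu TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, passwordu) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns true only when a row for $username exists
 * AND the submitted password matches the stored hash.
 */
function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text, so quotes in
    // $username cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT passwordu FROM users WHERE username = ?');
    $stmt->execute([$username]);

    // execute() succeeding only means the query ran. The decision has to
    // be based on whether a row came back (the mysql_num_rows() point).
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such user
    }
    return password_verify($password, $row['passwordu']);
}

// Constructed inputs: valid login, wrong password, unknown user, and a
// quote-bearing username that is looked up as plain data.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['bob', 'anything'],
    ["alice' OR '1'='1", 'wrong'],
];
foreach ($cases as [$user, $pass]) {
    printf("%-18s %-14s => %s\n", $user, $pass,
        check_login($pdo, $user, $pass) ? 'logged in' : 'rejected');
}
```

In the question's code, `$_SESSION['logval'] = TRUE;` would go inside the branch where check_login() returns true.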