Hi Guys,I need your help.I have login code but it is with defined user name & password.I need to fetch details from DB.Currently it is showing successful login only if username= "demo" & password="demo" .I want to authenticate user. Below is the code : <?php $is_ajax = $_REQUEST['is_ajax']; if(isset($is_ajax) && $is_ajax) { $username = $_REQUEST['username']; $password = $_REQUEST['password']; if($username == 'demo' && $password == 'demo') { echo "success"; } } ?> Thanks in Advance!
Currently it is showing successful login only if username= "demo" & password="demo" BECAUSE of this code -- > if($username == 'demo' && $password == 'demo') { echo "success"; } That is not how you request login details from DB. Because, You have already instructed PHP to display succsess message if only $username ='demo' && $password=='demo'. The code is only showing you, what you ordered it.
Use a SELECT query into the database using the username and password supplied. (Do it this way to learn how it works, not for a live site.) Then check the result of the query. If there's one, and only one, row returned, the given username and password pair exist in a record in the database. If there's no record, you don't have that combo. If there's more than one record (assuming you check that when a new user registers, and don't allow the same username to register twice), someone is trying to hack the site, or your database is corrupt. Once that works, use whatever method you prefer to prevent SQL injection attacks (see this page) before going live.