how do i can validate or comparing the post $userid and $password is same within database or not. if same it will be to next page(login successful). i have try to do like this but it not function: if($userid == $row['userid'] && $password == $row['password']) can anyone give me an idea.... please... Thanks...
You should be doing something like this instead: $userid=mysql_real_escape_string($_POST['userid']); $password=mysql_real_escape_string($_POST['password']); $result=mysql_query("SELECT * FROM users WHERE userid='$userid' AND password='$password'"); if(@mysql_num_rows($result)>0){ //They pass validation } else{ //Validation failed } PHP: This is an oversimplified example, but it should give you an idea of the type of thing you need to do.
this is my code: <?php $db = mysql_connect("localhost", "root", "password") or die("Could not connect."); if(!$db) { die("no db"); } if(!mysql_select_db("my_db",$db)) { die("No database selected."); } $userid=mysql_real_escape_string($_POST['userid']); $password=mysql_real_escape_string($_POST['password']); $result=mysql_query("SELECT * FROM users WHERE userid='$userid' AND password='$password'"); if(@mysql_num_rows($result)>0) { //They pass validation header("location: 8.php"); } else { //Validation failed $error = 'login error'; echo 'Wrong User ID or Password!!'; } @mysql_close(); ?> the problem is, i can't login the true password and user id... same like it can't matching the post $userid and $password with the query. the query actually is success and i have to try what are the value of query. Now in this part, (@mysql_num_rows($result)>0) if i put '==1', '!=0', '>1', '>0', '<0', and '>=1'...... all function can't. the result is error!(wrong or true password and userid) and if i put '==0', '!=1', '<1', '<=1', < =0',and '>=0'........ when i try to run... it automatic login and go to next page(login success) so, how do i can solve this problem or you all any have idea about my problem?.. please help me.... thanks.
mysql_num_rows() doesn't like to work for me most of the time, either. Is your table actually named 'users'? Most likely if it's not giving an error saying table doesn't exist so that should be fine. You can try this: <?php $db = mysql_connect("localhost", "root", "password") or die("Could not connect."); if(!$db) { die("no db"); } if(!mysql_select_db("my_db",$db)) { die("No database selected."); } $userid = mysql_real_escape_string($_POST['userid']); $password = mysql_real_escape_string($_POST['password']); $result = mysql_query("SELECT * FROM users WHERE userid='$userid' AND password='$password' LIMIT 1"); $result = @mysql_fetch_array($result, MYSQL_ASSOC); if(!empty($result['userid'])) { //They pass validation header("location: 8.php"); } else { //Validation failed $error = 'login error'; echo 'Wrong User ID or Password!!'; } @mysql_close(); ?> PHP: This will first attempt to retrieve that data that it told it to round up when you used the mysql_query. If it doesn't find any matching rows (username and password don't match), it will simply not return anything (and possibly error which is why the @ is there). Then, we check if $result['userid'] is empty or not because if it's not, then that means it retrieved a proper row from the database. Usually I prefer to use the 'id' row when checking but I'm not sure if your table has a unique ID column. If it does, you can use if(!empty($result['id'])) instead.
thanks for the advise and the idea. that is really helping me... now a got the answer and my login is pretty working now... thanks... GBU.