Convert PHP MySQL Code to MySQLi
I use the code below for the login system on my site. A lot of programmers on other sites said the code is not safe in some way, but the login system I created is huge. I can't rebuild it all; it takes ages for a beginner programmer in PHP.
<?php
$destroy = false;
require('connect.php');
session_start();

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // The form values are interpolated straight into the SQL string
    $query = "SELECT * FROM `user` WHERE username='$username' AND password='$password'";
    $result = mysql_query($query) or die(mysql_error());
    $count = mysql_num_rows($result);
    if ($count == 1) {
        $_SESSION['username'] = $username;
    } else {
        header("Location: index.php?login=invalid");
    }
}

if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    include("inc/dashboard.inc.php");
} else {
    if (isset($msg) && !empty($msg)) {
        echo $msg;
    }
    if (isset($_GET["login"]) && $_GET["login"] === "invalid") {
        echo "<div class='redtxt'>that account doesn't exist.</div>";
    }
?>
<form action="" method="post">
    <p><label>username:</label><br /><input id="username" type="text" name="username" /></p>
    <p><label>password:</label><br /><input id="password" type="password" name="password" /></p>
    <input type="submit" name="submit" value="sign in" />
</form>
<?php } ?>
You should convert the functions to mysqli (see the previous answer), and besides that you need to use prepared statements to make it a whole lot safer: http://mattbango.com/notebook/code/prepared-statements-in-php-and-mysqli/
--edit-- And, as pointed out by others, you should hash the password value (not MD5, please).
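
The login check from the question, rewritten along the lines the answer describes (mysqli, a prepared statement, and a hashed password). This is an added example, not code from the original poster or the answerer. It assumes connect.php has been changed to create a mysqli object named $mysqli, and that the password column of the `user` table stores the output of password_hash() rather than the plain password; check_login() is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: connect.php defines $mysqli = new mysqli(...),
// and `user`.`password` holds a value produced at sign-up by
// password_hash($password, PASSWORD_DEFAULT).
require 'connect.php';
session_start();

// Hypothetical helper: true when the user exists and the password matches the stored hash.
function check_login(mysqli $mysqli, string $username, string $password): bool
{
    // The ? placeholder is sent separately from the SQL text, so quotes in
    // $username can no longer change the structure of the query.
    $stmt = $mysqli->prepare('SELECT `password` FROM `user` WHERE `username` = ?');
    if ($stmt === false) {
        // Log the database error instead of printing it with die(mysql_error()).
        error_log('prepare failed: ' . $mysqli->error);
        return false;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true when a row was read, null when none matched
    $stmt->close();

    // password_verify() reads the algorithm and salt from the stored hash.
    return $found === true && password_verify($password, $hash);
}

$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;

// is_string() rejects array-valued fields such as username[]=x.
if (is_string($username) && is_string($password)) {
    if (check_login($mysqli, $username, $password)) {
        session_regenerate_id(true);        // fresh session id once authenticated
        $_SESSION['username'] = $username;
    } else {
        header('Location: index.php?login=invalid');
        exit;                               // stop before any further output
    }
}
// The rest of the page (dashboard include or login form) stays as in the question.
```

Existing accounts with plain-text passwords need their stored values replaced with password_hash() output before this check will accept them.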