Hi all,

I have done a simple login form with username="admin" and password="admin123". I am checking for SQL injections. I have given "mysql_real_escape_string" for both username and password fields, but also it is not working. If I give username as "admin --" and click the submit button (not giving password also), it is taking to the next page. Tell me what's wrong in my below code.

Code:
<?php
session_start();
mysql_connect("localhost","root","");
mysql_select_db("test");
if(isset($_POST['sub']))
{
    // Escape both form fields before they are used
    $username=mysql_real_escape_string($_POST['txtuname']);
    $password=mysql_real_escape_string($_POST['txtpwd']);
    // Look up the stored row by username only
    $check=mysql_query("SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'") or die("Error: " . mysql_error());
    while($find = mysql_fetch_array($check))
    {
        list($username,$output) = $find;
    }
    // Compare the submitted password with the stored one
    if($password==$output)
    {
        $_SESSION['si']=session_id();
        echo "<script> location='view1.php'</script>";
    }
    else
        echo "invalid";
}
?>
<table width="200" height="150" bgcolor="lightblue" border="1" align="center">
<tr><td style="font-size:25;color:red" align="center" colspan="2">Login Form </td></tr>
<form method="post" action="">
<tr><td align="right" width="100"> Username:</td><td><input type="text" name="txtuname"> </td></tr>
<tr><td align="right" width="100"> Password:</td><td><input type="password" name="txtpwd"> </td></tr>
<tr><td align="right" width="100"> <input type="submit" value="login" name="sub"> </td></tr>
</form>
</table>

Your query is wrong and you're not properly adding the variable.

PHP:
$Q = mysql_query("SELECT username,password From log WHERE username='". $username ."' AND password='". $password ."'");
if($Q != false)
{
    //do something here
}
else
{
    //do something here
}

The query checks to see if the values match values that exist and if not it will return false and the if statement will come into play and handles the rest from there.

Code:
<script type="text/javascript">window.location="view1.php";</script>

This is how you create a redirect using JavaScript.

If you want to protect against injections you need to validate the data being sent to the script. You can test if it's a number, string, float, date, color, binary, email etc... with your own functions.

Also, why are you using a while loop when the return data should be an array that is one-dimensional and not multi? Wasting resources with that.

Hi,

You have not put any client-side check to have both username and password as mandatory fields, and in your query you are just checking the username and have not included the password in the WHERE clause.

Cheers,
~Maneet
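
Added example, not part of any post in this thread: the decision logic from the question next to a hardened form. It shows why an unknown username with an empty password passes the posted check ($output is never assigned when no row matches, and "" == null is true under PHP's loose comparison). The in-memory SQLite database via PDO, the pw_hash column and both function names are assumptions made for this example, and the table row is constructed.

```php
<?php
// Added example. Table contents are constructed; pw_hash is a hypothetical column.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE log (username TEXT PRIMARY KEY, password TEXT, pw_hash TEXT)');
$pdo->prepare('INSERT INTO log VALUES (?, ?, ?)')
    ->execute(['admin', 'admin123', password_hash('admin123', PASSWORD_DEFAULT)]);

// Same decision logic as the question: look up by username, then compare loosely.
function login_as_posted(PDO $pdo, string $username, string $password): bool
{
    $output = null; // in the question it is simply undefined if the loop never runs
    $stmt = $pdo->prepare('SELECT password FROM log WHERE username = ?');
    $stmt->execute([$username]);
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $output = $row['password'];
    }
    return $password == $output; // "" == null is true, so no row + empty password passes
}

// Hardened form: server-side required fields, explicit no-row check, hash verification.
function login_hardened(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false; // enforce mandatory fields on the server, not only in the browser
    }
    $stmt = $pdo->prepare('SELECT pw_hash FROM log WHERE username = ?');
    $stmt->execute([$username]); // bound parameter, no string concatenation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user: reject instead of comparing against null
    }
    return password_verify($password, $row['pw_hash']);
}

// Constructed inputs: valid login, empty password, the thread's "admin --", a quote payload.
$cases = [['admin', 'admin123'], ['admin', ''], ['admin --', ''], ["' OR '1'='1", 'x']];
foreach ($cases as [$u, $p]) {
    printf("%-16s %-12s posted=%-5s hardened=%s\n", json_encode($u), json_encode($p),
        var_export(login_as_posted($pdo, $u, $p), true),
        var_export(login_hardened($pdo, $u, $p), true));
}
```

Run it with the PHP CLI (7.1 or later) with the pdo_sqlite extension enabled.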