mysql - php app to verify login -


trying understand how process form in php logs in. seems clumsy, there better way.

let's user login userid , password. if enter information on form, jump next page:

<?php if (isset($_post["id"])) {    $con=mysqli_connect("localhost","user","pw","db");    $codefile = $_post["filename"];    $id = $_post["id"];    $fname = $_post["fname"];    $lname = $_post["lname"];    $res = mysqli_query($con, "select count(*) users id='$id' , fname='$fname' , lname='$lname'");    $row = mysqli_fetch_array($res);    $count = $row[1];    if ($count == 1) {      header("submit.php");      die();    }    $res = $con->query('insert log values ($id, now(), $codefile)'); } ?>

the above code should theoretically jump submit.php if 1 row comes because there matching user. not seem work.

  1. how request first column back? has no name because not named column.
  2. i cannot believe how many statements takes 1 simple query done, there better way in php? java servlets has nifty shortcuts such integer return code number of affected lines, among other things.

  3. if works, want insert. of course better combined statement , base test on number of lines inserted (1 or 0)

    $res = $con->query('insert log values ($id, now(), $codefile)');

is there way of combining single query returns true if succeeds?

i suggest either use select * or actual columns instead of count(*)

for example: select id,fname,lname table

yet, suggest go way:

instead of:

$row = mysqli_fetch_array($res); $count = $row[1];

do:

$count = mysqli_num_rows($res); if($count==1){...}

for example , adding mysqli_real_escape_string() added security (more under footnotes below)

sidenote: i'm under impression if query doesn't meet criteria, users redirected submit.php , if meet it, insert.

if so, modified method. plus, using header("submit.php"); incorrect.

the proper way header("location: http://www.example.com");

another thing before passing on code.

this line should use quotes around values , double quotes wrap with:

$res = $con->query('insert log values ($id, now(), $codefile)');

as in:

$res = $con->query("insert log values ('$id', now(), '$codefile')");

note: try , use actual columns insert into, it's better.

plus, $res not execute since there no condition set it. either remove $res = or add

if($res){ echo "db insertion successful."; }

the code:

<?php if (isset($_post["id"])) {    $con=mysqli_connect("localhost","user","pw","db");    $codefile = mysqli_real_escape_string($con,$_post["filename"]);    $id = mysqli_real_escape_string($con,$_post["id"]);    $fname = mysqli_real_escape_string($con,$_post["fname"]);    $lname = mysqli_real_escape_string($con,$_post["lname"]);     $res = mysqli_query($con, "select * users fname='$fname' , lname='$lname' , id='$id'");     $count = mysqli_num_rows($res);     // if successful login, insert into...    if ($count == 1) {     // note: try , use actual columns insert into, it's better.      $res = $con->query("insert log values ('$id', now(), '$codefile')");          if($res){         echo "db insertion successful.";         }    }     // if not successful, redirect.    else {      header("location: submit.php");      exit();      }  } // end brace (isset($_post["id"])) ?>

footnotes:

your present code open sql injection. use prepared statements, or pdo

passwords

i noticed may storing passwords in plain text. not recommended.

use 1 of following:

other links:


Comments

Post a Comment

Popular posts from this blog

apache - Remove .php and add trailing slash in url using htaccess not loading css -

i have add following code htaccess file removing .php extension , add trailing slash urls. worked fine reduced page loading speed , css code not loading @ all. pages ugly. please help rewriteengine on rewritebase / ## hide .php extension snippet # externally redirect /dir/foo.php /dir/foo rewritecond %{the_request} ^[a-z]{3,}\s([^.]+)\.php [nc] rewriterule ^ %1/ [r,l] # add trailing slash rewritecond %{request_filename} !-f rewritecond %{request_uri} !/$ rewriterule . %{request_uri}/ [l,r=301] # internally forward /dir/foo /dir/foo.php rewritecond %{request_filename} !-d rewritecond %{request_filename}.php -f rewriterule ^(.*?)/?$ $1.php [l] we can rewrite urls using .htaccess files. before writing in .htaccess files need verify kind of server using. can check server adding a <?php phpinfo(); ?> in php page. ensure mod_rewrite module enabled in apache server. can identified checking phpinfo included page. common methods used url rewriting follows ...
Read more

javascript - jQuery show full size image on click -

pretty self explanatory not workking . i want display full image when user click on image... yes know there tons of plugins but i want keep simple. any idea ? css : .full { display: none; width: 500px; height: 500px; margin-left: 100px; margin-top: -300px; position: fixed; background-color: #f00; z-index: 6; } .thumbnail { width: 50px; height: 50px; } html: <img class="thumbnail" src="http://4.bp.blogspot.com/-uhbdp2esxng/txneptvi92i/aaaaaaaaaky/upfqis7zto0/s1600/rihanna-wallpaper.jpg"> jquery: $(document).ready(function() { $('.thumbnail').on('click', function() { var img = $('<img />',{src:this.src,'class':'full'}); $('.full').html(img).show(); console.log('done!'); }); }); try looking how jquery works. $(document).ready(function() { $('.thumbnail').on('click', function(...
Read more