Re: still can't get a login with session working ... is there another way to mask the url parameter?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



1st. Replace your $sql query with this

$sql = sprintf("SELECT * FROM admin WHERE UserName = '%s' AND Password
= '%s'", mysql_real_escape_string($UserName),
mysql_real_escape_string($Password));
$result = mysql_query($sql) or die(mysql_error());

Ólafur Waage
olafurw@xxxxxxxxx

On Thu, Dec 18, 2008 at 3:56 PM, Terion Miller <webdev.terion@xxxxxxxxx> wrote:
> Still this won't pass the session to the next page.... is there a way to
> pass parameters in the url but mask them? maybe that would be easier, since
> I do have code that works passing the adminID on the url ...
> can a parameter be hashed after the fact?  I tried echo-ing the fields on
> the next page and they are not passing...
> my code that still doesn't work:
>
> <?php
> // start session
>  session_start();
>  include("inc/dbconn_open.php") ;
>  $errs = error_reporting ('E_ALL');
>
> if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else
> {$UserName = '';}
> if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else
> {$Password = '';}
>
> $msg = '';
>
> if (!empty($UserName)) {
>
>    $sql = "SELECT * FROM  admin WHERE  UserName ='$UserName' and Password
> ='$Password' "
>    or die(mysql_error());
>    $result = mysql_query ($sql);
>    $row = mysql_fetch_object ($result);
>    If (mysql_num_rows($result) > 0) {
>        $_SESSION['AdminLogin'] = $row['AdminID'];
>        header ("Location: Main.php");
>    } else {
>        $msg = "Invalid Login";
>    }
> }
>
> ?>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux