To prevent an SQL injection hack,
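// Look up the account row for the submitted credentials.
// Note: the mysql_* functions were removed in PHP 7.0; mysqli or PDO replace them.
$str="select user_id,user_name,user_password,status,activationkey,co_id from usergl
where user_id='$userid'
and user_password='$userpassword';";
$result=mysql_query($str,$con);
// Number of rows the query returned
$numrow=mysql_num_rows($result);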
after querying the database, place the table field data into variables, then compare them with the user's input:
list($user_id, $user_password) = mysql_fetch_array($result);
// Strict comparison (===) avoids PHP's loose numeric-string matching, e.g. "0e1" == "0e2" is true
if (($numrow <> 0) and ($userid === $user_id) and ($userpassword === $user_password)):
    // user login successfully
else:
    // user login unsuccessfully
    // redirect user to login again
endif;
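The comparison above runs only after the concatenated query has already been executed, so the example below, added here and not part of the original post, binds the user id as a query parameter and then applies the same post-query check against a password hash. It assumes PDO with an in-memory SQLite table standing in for usergl, a hypothetical check_login() helper, and a user_password column that holds password_hash() output; all sample rows and inputs are constructed.

```php
<?php
// Added example: constructed table and sample data, not the original schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usergl (user_id TEXT PRIMARY KEY, user_name TEXT,
            user_password TEXT, status TEXT)');

// Store a password hash, never the plain-text password.
$ins = $pdo->prepare('INSERT INTO usergl VALUES (?, ?, ?, ?)');
$ins->execute(['alice', 'Alice', password_hash('correct horse', PASSWORD_DEFAULT), 'active']);

/**
 * Hypothetical helper: returns true only when the id exists and the
 * password matches the stored hash.
 */
function check_login(PDO $pdo, string $userid, string $userpassword): bool
{
    // The placeholder keeps $userid as data; it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT user_id, user_password FROM usergl WHERE user_id = ?');
    $stmt->execute([$userid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return false; // unknown user id
    }
    // Same post-query comparison as above, done strictly and against a hash.
    return $row['user_id'] === $userid
        && password_verify($userpassword, $row['user_password']);
}

// Constructed inputs: a valid login, a wrong password, and an id containing quotes.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$id, $pw]) {
    printf("%-20s => %s\n", $id, check_login($pdo, $id, $pw) ? 'login ok' : 'login refused');
}
```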