2

i create login session and it has has display an error: unidentified myusername and mypassword in these lines. I don't under stand why.

$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

this is my checklogin.php

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

and this is my form for loggin:

<form action='checklogin.php' method="post" >
Username
<input name='myusername' type="text">
Password
<input name='mypassword' type="password">

<input type="submit" name="Submit" value="Login">

</form>
surisava
  • 181
  • 2
  • 3
  • 11

1 Answers1

5

check that $_POST['myusername'] and $_POST['mypassword'] are set before use

if(isset($_POST['myusername']) && isset($_POST['mypassword']) && !empty(trim($_POST['myusername'])) && !empty(trim($_POST['mypassword']))) {

 }

also its looks like in the form action its login_true.php it should be checklogin.php

<form action='checklogin.php' method="post" >

since you are sending the data in login_true.php not in the check_login.php so you getting error: unidentified bla bla

Warning : your code is completely open for sql injunction

Good Read:

  1. Best way to prevent SQL injection?
  2. PDO Tutorial for MySQL Developers
  3. Pdo for beginners ( why ? and how ?)
Community
  • 1
  • 1
NullPoiиteя
  • 53,430
  • 22
  • 120
  • 137
  • I edited to checklogin.php like you said but it still display the same error.what should i do ? – surisava Nov 28 '12 at 06:49
  • yes, like i edit the question above login_true.php ---> checklogin.php. – surisava Nov 28 '12 at 06:58
  • okk....than first check that you are going right to do this try `die('i am here ')` in checklogin – NullPoiиteя Nov 28 '12 at 07:00
  • @KateHoàng come to php chat room to discuss ..further – NullPoiиteя Nov 28 '12 at 07:03
  • you mean i should edit the very first two line. die("cannot connect") to die('i am here')? – surisava Nov 28 '12 at 07:07
  • i did it but nothing change. – surisava Nov 28 '12 at 07:07
  • i am just telling to check that you are sussefull reached to checklogin.php not change die("cannot connect") to die('i am here') once you get `i am here` it mean you are going right now the problem in the checklogin.php so now you need to check that is value of $_Post is set if bot are set too than go further – NullPoiиteя Nov 28 '12 at 07:10
  • I just check the login system is work. I enter password into the form and I can login now. But when I click checklogin.php, it still display an error. – surisava Nov 28 '12 at 07:17
  • checklogin.php display in my sever and i click to check it. This is the new error. Fatal error: Can't use function return value in write context. on line if isset.... – surisava Nov 28 '12 at 07:27