    $klant_gebruikersnaam = $_POST["txtUser"];
    $klant_wachtwoord = md5($_POST["txtPassw"]);
    $sql = "SELECT * FROM `klanten` WHERE Gebruikersnaam =`$klant_gebruikersnaam` && Wachtwoord =`$klant_wachtwoord`";
    $qresult = $connect1->query($sql);
    if ($qresult->num_rows != 1) // line 36
    {
        $fout = "Goed geprobeerd, maar helaas <br>";
        echo $fout;
    }

There is an issue with getting the property on line 36. I've checked everything; there must be something I'm overlooking.

  • `$_POST["txtUser"] = 'admin\';--';` Goed geprobeerd heh – PeeHaa May 27 '16 at 20:53
  • Or better yet, use the PHP [password API](http://php.net/password). – Jonnix May 27 '16 at 20:54
  • There is no such thing as `sha56`. Better yet the sha family is too fast for password hashing. @Bloodline – PeeHaa May 27 '16 at 20:55
  • Don't use backticks `\`` around variables, use single-quotes `'` instead. This is causing your query to fail, leaving `$qresult` as a boolean `false` instead of a MySQLi object. See http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks – Qirel May 27 '16 at 20:55
  • You are missing the more important part of my comment. sha265 is *not* suitable for password hashing. – PeeHaa May 27 '16 at 20:57
  • To reinforce what @JonStirling and PeeHaa are saying, you really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure) and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 27 '16 at 21:03
  • @Qirel Thanks, that fixed it, didn't know there was a difference between single and backticks – Switched123 May 27 '16 at 21:10
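
The points raised in the comments, combined into one added example (not code from the question or from any commenter): a prepared statement instead of quoted values, the PHP password API instead of MD5, and an upgrade of old MD5 rows at login. It assumes `$connect1` is a connected mysqli object and that `Wachtwoord` is wide enough (VARCHAR(255)) for `password_hash()` output; `check_login` is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: $db is a connected mysqli object and the
// `Wachtwoord` column is VARCHAR(255). check_login() is a hypothetical helper.
function check_login(mysqli $db, string $user, string $password): bool
{
    // Backticks quote identifiers only; the value goes in through a placeholder,
    // so input such as admin';-- is compared as data, not parsed as SQL.
    $stmt = $db->prepare('SELECT `Wachtwoord` FROM `klanten` WHERE `Gebruikersnaam` = ?');
    if ($stmt === false) {
        // A failed call returns false (or throws, depending on mysqli_report()).
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();          // true = row, null = no row, false = error
    $stmt->close();
    if ($found !== true) {
        return false;
    }

    // Accept a password_hash() value, or a legacy 32-character MD5 hex digest
    // so existing accounts can still log in once and be upgraded.
    $valid = password_verify($password, $stored)
        || (strlen($stored) === 32 && hash_equals($stored, md5($password)));
    if (!$valid) {
        return false;
    }

    // True for legacy MD5 rows and for hashes made with outdated settings.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $upd = $db->prepare('UPDATE `klanten` SET `Wachtwoord` = ? WHERE `Gebruikersnaam` = ?');
        if ($upd !== false) {
            $upd->bind_param('ss', $new, $user);
            $upd->execute();
            $upd->close();
        }
    }
    return true;
}

// Usage with the form fields from the question; the password is passed raw,
// with no escaping or cleansing before hashing:
// if (!check_login($connect1, $_POST['txtUser'], $_POST['txtPassw'])) {
//     echo 'Goed geprobeerd, maar helaas <br>';
// }
```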
