At a quick look:

Your code is vulnerable to SQL Injection: assume the user wants to hurt you, so always parse superglobals $_GET and $_POST.

http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

To check if variables have values:

    // good practice
    if (isset($userName, $userPass))
    // bad practice
    if ($userName && $userPass)

Split the connection phase and call die if you cannot connect.

    // bad practice
    $con = mysqli_connect($IP, $user, $pass, $db);
    // good practice
    mysql_connect("$host", "$username", "$password") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select DB");

More important:

Don't reinvent the wheel unless you plan on learning more about wheels.

A simple search on Google for PHP login system will give you a limitless number of examples from where you can learn how to build a proper system:
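
The SQL injection point in the answer above, as an added example that is not part of the original answer: a login check where the request value is bound as a parameter, next to the concatenated form it replaces. The table, column and function names, the use of PDO with an in-memory SQLite database (requires the pdo_sqlite extension), and the sample user are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added example (not from the original answer). Table, column and function
// names are assumptions; the in-memory SQLite database is constructed sample data.

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Before: request data concatenated into the SQL text, so a quote in the
// input changes the structure of the query itself.
function buildQueryUnsafe(string $name): string
{
    return "SELECT pass_hash FROM users WHERE name = '" . $name . "'";
}

// After: the SQL text is fixed; the value travels separately as a bound parameter.
function login(PDO $pdo, array $post): bool
{
    // isset() as in the answer: both fields must be present before they are used.
    if (!isset($post['userName'], $post['userPass'])
        || !is_string($post['userName']) || !is_string($post['userPass'])) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $post['userName']]);
    $hash = $stmt->fetchColumn();
    // password_verify() checks against the stored hash; no plaintext is stored.
    return is_string($hash) && password_verify($post['userPass'], $hash);
}

$pdo = makeDb();
$hostile = "alice' OR '1'='1";             // constructed input containing a quote
echo buildQueryUnsafe($hostile), PHP_EOL;  // the WHERE clause is no longer the one written
// Valid credentials for the constructed user.
var_dump(login($pdo, ['userName' => 'alice', 'userPass' => 'correct horse']));
// The same hostile string is looked up literally as a user name.
var_dump(login($pdo, ['userName' => $hostile, 'userPass' => 'x']));
// A missing field is caught by isset() before any query runs.
var_dump(login($pdo, ['userName' => 'alice']));
```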