0

I am working on a site where I am fetching records from database to match with the user input, if the data does not match with the details in database it must show an javascript alert box. But the problem is the javascript box is showing on body load too. Following is my code : 

//Storing the value of form's username and password into PHP variables
$username = $_POST['username'];
$password = $_POST['password'];
//This query is to check whether ther user has provided valid details
$query = mysql_query("Select * from accounts where username='$username' and password='$password'");
$status = mysql_num_rows($query);
/**Now checking whether the number of rows returned by database are greater than 0 to verify the login
if number of rows are greater than zero we will redirect the user to index page with a session variable**/
if($status >0)
{
$_SESSION['username'] = $username;
?>
<meta http-equiv="refresh" content="0;url=index.php">
<?}
else
{?>
<script language="javascript">
alert('UserName or Password does not match. Please try again');
</script>
<?}?>
Denys Séguret
384k90 gold badges813 silver badges780 bronze badges
asked Nov 9, 2012 at 12:36
5
  • 5
    warning your code is extremely vulnerable to sql injection attacks. also you should never store users passwords in the database. Commented Nov 9, 2012 at 12:37
  • 1
    @Jessica Brownie to complete what Daniel said, I suggest you look for password hashing (and never hash only the password, always include a salt and other parts like the username if it's constant). Commented Nov 9, 2012 at 12:38
  • Jessica, what page is this on? Can you show the form? Can you show more code that precedes this fragment? Commented Nov 9, 2012 at 12:47
  • 2
    I think she's trying to learn using PHP inside HTML pages. One step at a time. Don't confuse her with injections before she learns it. Commented Nov 9, 2012 at 12:47
  • On another note, you are using short tags. Commented Nov 9, 2012 at 12:54

3 Answers 3

1

Replace

else

with

else if (isset($_POST['username'])) {

if you don't want the alert to appear when the user isn't trying to log in.

answered Nov 9, 2012 at 12:47
Sign up to request clarification or add additional context in comments.

Comments

0

You need a login flag for this.

Add this to your form:

<input type="hidden" name="login_process" value="true" />

and then surround your login code with:

if($_POST["login_process"] == "true"){ 
 //your login code
}
...your page body
answered Nov 9, 2012 at 12:45

Comments

0 
you miss <?php and Varible
 this Code Use then Check
 <?php 
 $username = $_POST['username'];
 $password = $_POST['password'];
 //This query is to check whether ther user has provided valid details
 $query = mysql_query("Select * from accounts where username='".$username."' and password='**".$password."**'");
 $status = mysql_num_rows($query);
 /**Now checking whether the number of rows returned by database are greater than 0 to verify the login if number of rows are greater than zero we will redirect the user to index page with a session variable**/
 if($status >0)
 {
 $_SESSION['username'] = $username;
 ?>
 <meta http-equiv="refresh" content="0;url=index.php">
 **<?php** }
 else
 {?>
 <script language="javascript">
 alert('UserName or Password does not match. Please try again');
 </script>
 **<?php** }?>
answered Nov 9, 2012 at 12:49

1 Comment

Why does this fix the issue?

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.