#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    7
    Rep Power
    0

    Where is error in my PHP code?


    I have a website www.paygully.com, I want to create a login page. I have created a form and also database

    Details are
    Database Host: fdb5.freehostingeu.com
    Database Name: 1291370_data
    Database User: 1291370_data
    Database Password: xyz


    Now it is showing error in the given code, I follow a tutorial to create this login page. The green colour code is showing error, Why?

    http://www.phpeasystep.com/phptu/6.html
    ----------------------------------

    <?php

    $host="fdb5.freehostingeu.com"; // Host name
    $username="1291370_data"; // Mysql username
    $password="jahid@5177"; // Mysql password
    $db_name="1291370_data"; // Database name
    $tbl_name="members"; // Table name

    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // username and password sent from form
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1){

    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");

    header("location:login_success.php");
    }
    else {
    echo "Wrong Username or Password";
    }
    ?>

    ---------------------
    The green colour code is showing error, Why?
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 2003
    Posts
    3,489
    Rep Power
    594
    1) Enclose your code in [ PHP ] tags. See the sticky at the top of this forum.
    2) No one here is clairvoyant so we don't know what error you are getting.
    3) session_register is deprecated.
    4) The MySQL extensions are deprecated.
    5) Learn PHP and don't copy someone else's bad code from the internet.
    Last edited by gw1500se; February 20th, 2013 at 09:14 AM.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6351
    Change your database password immediately, you've posted it in public.

    Most of this code uses deprecated functionality which has been officially "bad practices" for nearly a decade.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    that tutorial is old, I mean really, really old. It probably hasn't been updated since 10 years or more.

    Apart from that, it's terrible. I'm glad they at least managed to escape their query variables, but storing the passwords as plaintext is a very bad idea -- except for the script kiddies stealing your database to have some fun with the Facebook account of your users.

    The best idea might to be throw the code away and start from scratch, this time with a better reference.

    A serious advice: Do not copy and paste code you found somewhere on the internet. Most of it is old as hell and doesn't have any security at all. You're lucky that you only got a deprecated warning. Might as well have been a mail by your webhoster complaining about "suspicious activities" on your server.

    Don't copy and paste. Write your own code.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    7
    Rep Power
    0
    Thanks for advice, and I find Devshed Forums is more valuable and informative than other forum. Thanks a lot to all....

IMN logo majestic logo threadwatch logo seochat tools logo