February 20th, 2013, 10:05 AM
Where is error in my PHP code?
I have a website www.paygully.com, I want to create a login page. I have created a form and also database
Database Host: fdb5.freehostingeu.com
Database Name: 1291370_data
Database User: 1291370_data
Database Password: xyz
Now it is showing error in the given code, I follow a tutorial to create this login page. The green colour code is showing error, Why?
$host="fdb5.freehostingeu.com"; // Host name
$username="1291370_data"; // Mysql username
$password="jahid@5177"; // Mysql password
$db_name="1291370_data"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
// Mysql_num_row is counting table row
// If result matched $myusername and $mypassword, table row must be 1 row
// Register $myusername, $mypassword and redirect to file "login_success.php"
echo "Wrong Username or Password";
The green colour code is showing error, Why?
February 20th, 2013, 10:07 AM
1) Enclose your code in [ PHP ] tags. See the sticky at the top of this forum.
2) No one here is clairvoyant so we don't know what error you are getting.
3) session_register is deprecated.
4) The MySQL extensions are deprecated.
5) Learn PHP and don't copy someone else's bad code from the internet.
Last edited by gw1500se; February 20th, 2013 at 10:14 AM.
There are 10 kinds of people in the world. Those that understand binary and those that don't.
February 20th, 2013, 10:10 AM
Change your database password immediately, you've posted it in public.
Most of this code uses deprecated functionality which has been officially "bad practices" for nearly a decade.
HEY! YOU! Read the New User Guide and Forum Rules
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002
Think we're being rude? Maybe you asked a bad question
or you're a Help Vampire.
Trying to argue intelligently? Please read this.
February 20th, 2013, 10:18 AM
that tutorial is old, I mean really, really old. It probably hasn't been updated since 10 years or more.
Apart from that, it's terrible. I'm glad they at least managed to escape their query variables, but storing the passwords as plaintext is a very bad idea -- except for the script kiddies stealing your database to have some fun with the Facebook account of your users.
The best idea might to be throw the code away and start from scratch, this time with a better reference.
A serious advice: Do not copy and paste code you found somewhere on the internet. Most of it is old as hell and doesn't have any security at all. You're lucky that you only got a deprecated warning. Might as well have been a mail by your webhoster complaining about "suspicious activities" on your server.
Don't copy and paste. Write your own code.
February 20th, 2013, 10:25 AM
Thanks for advice, and I find Devshed Forums is more valuable and informative than other forum. Thanks a lot to all....