Rkboss Rkboss - 4 months ago 9
MySQL Question

How to login with multiple validation in php from database

I want to log in with validation in the query such as "select account from login where account='active'", after checking the status 'active' then and then he/she will able to log in to a system...i am trying it with this code mentioned below but it doesn't work.....please help me!

//login.php
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['sbm'])) {
if (empty($_POST['email']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['email'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$db = mysql_select_db("company", $connection);
$valid=mysql_query("select account from login where account='active'",$connection);
$acc=mysql_fetch_assoc($valid);
echo $acc['account'];
if($valid==1){
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from login where password='$password' AND email='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
}
?>

Answer
$query = mysql_query("select * from login where password='$password' AND email='$username' AND account = 'active'");

change your code as shown below:

// Selecting Database
$db = mysql_select_db("company", $connection);
/*remove below line
$valid=mysql_query("select account from login where account='active'",$connection);
$acc=mysql_fetch_assoc($valid);
echo $acc['account'];
if($valid==1){ */
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from login where password='$password' AND email='$username' And account = 'active'");
$rows = mysql_num_rows($query);
if($rows > 0){
//keep next lines as they are. just remove last '}'

N.B: you shouldn't use mysql.* functions as they have been removed from PHP 7.0.0 because they are vulnerable to sql injection.

Comments