21 thoughts on “PHP MYSQL user authentication

  1. Notice: Undefined index: Pseudo in C:xampphtdocsfacturelogin.php on line 8

    Notice: Undefined index: Pass in C:xampphtdocsfacturelogin.php on line 9

    Warning: mysql_query() expects parameter 1 to be string, resource given in C:xampphtdocsfacturelogin.php on line 12

    Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:xampphtdocsfacturelogin.php on line 13

    if($_POST)
    {
    $dbhost="localhost";
    $dbuser=" ";
    $dbpass=" ";
    $dbbase=" ";
    $username=$_POST['Pseudo'];
    $password=$_POST['Pass'];
    $conn=mysql_connect($dbhost,$dbuser,$dbpass,$dbbase);
    $query=("SELECT * FROM admin where Pseudo='$username' AND Pass='$password'");
    $result=mysql_query($conn,"SELECT * FROM admin" );
    if(mysql_num_rows($result)==1)
    {
    session_start();
    $_SESSION['facture']='true';
    header('location:welcome.php');
    }
    else {echo 'Nom utilisateur ou mot de pass incorect';}
    }

  2. You should NEVER store raw passwords in your database. Also your code is susceptible to SQL injection attacks. I'm afraid this tutorial will lead beginner programmers to implement very insecure authentication systems.

  3. help out with this .
    Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in
    it says the query is wrong. how?
    $query="SELECT * FROM users WHERE Username='$username' and WHERE Password='$password'";

  4. Really appreciated your hard work , it solved my problem , and i really Thank you . Don't listen what Mr and Mrs say about you , at least guys like me learned something from your video :)..Keep teaching. #thanx

  5. Man… it's 2015 already and you're still using mysql_whatever functions.
    On top of that recommending to use mysql_real_escape_string().

    Never, ever, use string interpolation in queries. Even in the most simple examples. Use parameterized queries instead.

Leave a Reply

Your email address will not be published. Required fields are marked *