hi all,
i have done simple login form with username="admin" and password="admin123".
i am checking for sql injections.i have given "mysql_real_escape_string"
for both username and password fields.
but also it is not working......
if i give username as "admin --" and click the submit button(not giving password also) it is taking to the next page...
tell me whats wrong in my below code.....
Code:
<?php
session_start();
mysql_connect("localhost","root","");
mysql_select_db("test");
if(isset($_POST['sub']))
{
$username=mysql_real_escape_string($_POST['txtuname']);
$password=mysql_real_escape_string($_POST['txtpwd']);
$check=mysql_query("SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'") or die("Error: " . mysql_error());
while($find = mysql_fetch_array($check))
{
list($username,$output) = $find;
}
if($password==$output)
{
$_session['si']=session_id();
echo "<script> location='view1.php'</script>";
}
else
echo "invalid";
}
?>
<table width="200" height="150" bgcolor="lightblue" border="1" align="center">
<tr><td style="font-size:25;color:red" align="center" colspan="2">Login Form </td></tr>
<form method="post" action="">
<tr><td align="right" width="100">
Username:</td><td><input type="text" name="txtuname" </td></tr>
<tr><td align="right" width="100">
Password:</td><td><input type="password" name="txtpwd" </td></tr>
<tr><td align="right" width="100">
<input type="submit" value="login" name="sub" </td></tr>
</form>
</table>
sql injections
