Linking Login Form with database

Question

Possible Duplicate:
PHP/MySQL Login issue

When trying to Log in to my members area on website, it doesnt link with the database, and therefore entering zero data still takes me to the members area.

What is wrong with the below php and HTML.

 <?php
 session_start();
 include("dbconnect.php");
 $numrows=0;
 $sqlMember = mysql_real_escape_string($member);
$sqlPassword = mysql_real_escape_string($password);
$query="select First_name fname, Last_name lname, Email email, Membership_Number from members where (Membership_Number='$sqlMember' and Password='$sqlPassword')";

  $link = mysql_query($query);
 if (!$link) {
  die('login error');
 }
 $numrows=mysql_num_rows($link);
 if ($numrows>0){  // authentication is successfull
  while($row = mysql_fetch_array($query));
  $_SESSION['user']['first_name']=$row['first_name'];
  $_SESSION['user']['last_name']=$row['last_name'];
  $_SESSION['user']['Membership_Number ']=$row['Membership_Number '];
  echo $_SESSION['user']['fname'].' '.$_SESSION['user']['lname'];
  header("location:members_area.php");
 } else {
  header("location:../invalid.php");  // authentication was unsuccessfull
 }
?>

HTML

<form id="jjjj" action="Send_log_details.php" class="register">
    <ul>
    <li>
    Membership Number:<br>
    <input type="text" id="Membership_Number" name="Membership_Number">
    </li>
        <li>
    Password:<br>
<input type="password"  id="Password" name="Password" value="Log in">
        </li>
    <li>

    <input type="submit" name="register" value="Login" onclick="logMeIn()">             
        </li>
        </ul>
        </form>

You haven't added POST method in form.Then how will you get values in $member and $password. — Arun Unnikrishnan, Jan 11 '13 at 16:53

score 1 · Answer 1 · answered Jan 11 '13 at 16:34

$sqlMember = mysql_real_escape_string($member);
$sqlPassword = mysql_real_escape_string($password);

Should be

$sqlMember = mysql_real_escape_string($_POST["Membership_Number"]);
$sqlPassword = mysql_real_escape_string($_POST["Password"]);

And

<form id="jjjj" action="Send_log_details.php" class="register">

Should be

<form id="jjjj" action="Send_log_details.php" class="register" method="POST">

score 1 · Answer 2 · answered Jan 11 '13 at 16:39

Your SQL seems wrong to me, I hope I'm not.

// Your code
$query="select First_name fname, Last_name lname, Email email, Membership_Number from members where (Membership_Number='$sqlMember' and Password='$sqlPassword')";

// My code
$query="select fname AS First_name, lname AS Last_name, email AS Email, Membership_Number from members where (Membership_Number='$sqlMember' and Password='$sqlPassword')";

And furthermore, I would only accept a login as successful if mysql_num_rows($query) == 1

Linking Login Form with database

2 Answers2