    <?php
    $filename = 'install.php';
    if (file_exists($filename)) {
        echo ("<center><font color='red'><b>/install.php still exists<br>
    After installing please delete install.php</center></font></b>");
    } else {
        if (isset($_POST['Login'])){
            include('config.php');
            if (!mysql_connect($host, $username, $password)) die("Can't connect to database");
            if (!mysql_select_db($db_name)) die("Can't select database");
            $myusername=$_POST['myusername'];
            $mypassword=$_POST['mypassword'];

            $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' or die(mysql_error());";
            $result=mysql_query($sql);
            $count=mysql_num_rows($result);
            if($count >= 1){
                session_register("myusername");
                session_register("mypassword");
                header("location: index.php");
            } else {

            }
        }

    ?>

I have tried to fix it, but not successfully. I don't know how I can fix it because I am a PHP noob.

  • Please read [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection). New code should not be written using the deprecated `mysql_*()` functions. Instead, this is the time to start learning to use `prepare()/execute()` securely with MySQLi or PDO. – Michael Berkowski May 14 '14 at 12:48
  • Please learn how not to store passwords (plain text for one): http://youtube.com/watch?v=8ZtInClXe1Q – scragar May 14 '14 at 12:49
  • If you are working from a particular tutorial, it is _highly advisable_ to find a more recent one. [`session_register()` is deprecated](http://www.php.net/manual/en/function.session-register.php) as well. – Michael Berkowski May 14 '14 at 12:50

1 Answer

You have an error in your query. It should be something like this.

    $sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword';";

And then you can do something like this.

    $result=mysql_query($sql) or die(mysql_error());

Also, try using MySQLi or PDO functions for CRUD operations.

Jay Bhatt
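The approach the comments and the answer point to (a PDO prepared statement, and a stored password hash instead of the plain-text password), as an added example that is not code from the question or the answer. It assumes a hypothetical `members` table with `username` and `password_hash` columns, and uses an in-memory SQLite database with constructed accounts so it runs on its own; `check_login()` is the same against MySQL, only the `new PDO(...)` line differs.

```php
<?php
// Added example, not the poster's code. Assumptions: SQLite in memory stands in
// for the MySQL server; table, column and function names are hypothetical.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // For MySQL: new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass)
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

    // Constructed sample accounts; only the password_hash() output is stored.
    $insert = $pdo->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)');
    $insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $insert->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The query text is fixed; the username is sent separately as a bound value,
    // so quote characters in it cannot change the SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    // Compare against the stored hash; the plain password is never in the query.
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = open_demo_db();
var_dump(check_login($pdo, 'alice', 'correct horse'));     // correct credentials
var_dump(check_login($pdo, 'alice', 'wrong password'));    // wrong password
var_dump(check_login($pdo, "o'brien", 'battery staple'));  // apostrophe in a valid username
var_dump(check_login($pdo, 'nobody', 'anything'));         // unknown user

// In the login page itself, a successful check would be followed by:
//   session_start();
//   session_regenerate_id(true);          // new session id after login
//   $_SESSION['myusername'] = $username;  // replaces session_register()
//   header('Location: index.php');
//   exit;
```

The password itself is not kept in the session; only the username is needed to identify the logged-in user.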