0

I have problem with my code i am creating a login system in PHP, the problem is when username and password matches its OK everything works as it should but in other case if username or password don't match it should display "Authentication Failed!" message, it also diplays this message. but problem is it also Follows another message :

"Notice: Undefined variable: dbusername in C:\xampp\htdocs\abc\index.php on line 25"

Connecting to db and selecting table:

$con = mysqli_connect($hostname,$dbuser,$dbpass,$dbname) or die ("Could not connect to Data base !");
$result = mysqli_query($con,"SELECT * FROM persons WHERE username = '$username' AND password = '$password'") or die ("Could not query!");`

Fetching data:

while($row = mysqli_fetch_array($result)) {

  $dbusername = $row['username'];
  $dbpassword = $row['password'];

}

comparing username password with database username/password:

if ($dbusername == $username AND $dbpassword == $password) // Checking if username and password matches with database's data..
{
    echo "<br>"."You are logged in";
}
else
{
    echo "Authentication Failed!";
}
j08691
  • 204,283
  • 31
  • 260
  • 272
Imran Aslam
  • 208
  • 2
  • 15
  • Well, the message explains itself. Your variable `dbusername` is not defined. Which part don't you understand? – Daan Aug 08 '14 at 14:09
  • FYI: Since your `username` column should be unique, you should never get more than one row back from your database query – so using a loop to fetch the data is rather nonsense. And I hope you have secured this against SQL Injection (and just not shown us that in your minimal code example) …? – CBroe Aug 08 '14 at 14:11
  • You're wide open to SQL injection attacks, I suggest using parametised queries, or escaping your variables via: `$escaped_var = $con->escape($var);` - You're also storing passwords in plain text, really bad practice, I suggest watching this video: https://www.youtube.com/watch?v=8ZtInClXe1Q – scragar Aug 08 '14 at 14:11
  • @Cbroe Without loop i am not able to fetch data if i use $row=mysqli_fetch_array($result); and then echo $row['username']; it doesn't work while if i use in while loop it works whats that problem? – Imran Aslam Aug 08 '14 at 14:51

0 Answers0