Hi there,
I am pretty new to PHP and have been attempting to develop a basic blog as my first php project.
This video is what I am learning from:
At 25:35 in the video is where I am having problems. As far as I can tell, my code matches that of the video author, however I have an error and he doesn’t.
Here is my code that has the issue:
[code][php]
<?php session_start(); ini_set('error_reporting', E_ALL); if(isset($_POST['submit'])){ // $user = $_POST['username']; $pwrd = $_POST['pwrd']; //include database connnectinon include('../includes/db_connection.php'); if(empty($user) || empty($pwrd)){ echo "missing information"; }else{ //prevents javascript injections //prevents sql injections $user = strip_tags($user); $user = $db->real_escape_string($user); $pwrd = strip_tags($pwrd); $pwrd = $db->real_escape_string($pwrd); $pwrd = md5($pwrd); // this is going to grab the username from the user table, where username = user and password = pwrd $query = $db->query("SELECT user_id, username FROM user WHERE username='$user' AND password='$pwrd'"); echo $query->num_rows; } } ?> Untitled DocumentUsername
PasswordI was not having trouble until I wrote this code here (its in the above example, just drawing attention to the problematic bit). Do you see any problems with the below code?
[php]
else{
//prevents javascript injections //prevents sql injections
$user = strip_tags($user);
$user = $db->real_escape_string($user);
$pwrd = strip_tags($pwrd);
$pwrd = $db->real_escape_string($pwrd);
$pwrd = md5($pwrd);
// this is going to grab the username from the user table, where username = user and password = pwrd
$query = $db->query(“SELECT user_id, username FROM user WHERE username=’$user’ AND password=’$pwrd’”);
echo $query->num_rows;
}[/php]
Thanks for any help.