Hi all,
I’m pretty new to php, but I was making a login script for my website, the script worked beautifully but it was enclosed in an IF statement to stop the username/password wrong message appearing the first time the page was loaded. This worked fine again but i disabled the IF statement for testing - only it still logs in!
I’ve pasted my code below but it has me stumped as to why this code block runs at all?
Please help!
<?php
if ($_POST["Username1"] != $_POST["Username1"]){
// To protect MySQL injection
$myusername = $_POST["Username1"];
$mypassword = $_POST["Password1"];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT PID FROM login WHERE username='$myusername' and password='$mypassword'";
$pid=mysql_query($sql);
$count=mysql_num_rows($pid);
if($count==1){
$_SESSION['UID']=$myusername;
$_SESSION['PID']=$pid;
echo '<script language="Javascript">';
echo 'window.location="main.php"';
echo '</script>';
}
else {
echo "Wrong Username or Password";
}
}
?>
the working code before was identical, but the top line read if ($_POST[“Username1”] != null){
also i have tried if (1==2){ - but even that still logs in!
any help anyone can give would be much appreciated.