I'm sending session values from my first.php and trying to get them from my second.php. I have done some reading about this, and it works fine on my localhost, but on my server it doesn't work at all.
Here is the code from my first.php file:
<?php
session_start();
ob_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="http://localhost/Shopping_biblioteka/css/style.css">
<title></title>
</head>
<body align="center">
<div id="login">
<?php
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
mysql_connect("localhost", "shopping_katalog", "logik#112233") or die(mysql_error());
mysql_select_db("shopping_katalog") or die(mysql_error());
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET NAMES utf8");
$result = mysql_query("SELECT password,id FROM x9qg6_users
where username='" . $username . "'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
$userhash = md5($password . $test[1]);
if ($test[0] === $userhash) {
$_SESSION['login_user'] = $user_id;
$_SESSION['username'] = $username;
$url = "biblioteka.php";
header("Location: $url");
}
} else {
echo 'Внесете ги вашите податоци во полињата!';
}
?>
<form action="" method="POST" accept-charset="UTF-8">
Корисничко име:<br/>
<input name="username" id="username" type="text"/><br/>
Лозинка:<br/>
<input type="password" id="password" name="password"/><br/>
<input type="submit" value="Логирај се!"/>
</form>
</div>
</body>
</html>
And here is my second.php file:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="http://localhost/Shopping_biblioteka/css/style.css">
<title>Библиотека на</title>
</head>
<body>
<div id="wrapper">
<?php
$user_ID = $_SESSION['login_user'];
$logged_user = $_SESSION['username'];
?>
<h1 align="center" id="b_welcome">Добредојде <?php echo $logged_user; ?> во твојата библиотека! </h1>
<h4 align="center" id="b_info">Во твојата библиотека ги имаш следниве книги</h4>
<div id="knigi">
<?php
/* THIS IS THE QUERY
*
SELECT *
FROM Knigi k, poracki p
WHERE k.knigaid = p.kniga
AND p.korisnikInt = $user_ID
*
*/
//-----------------------------------
if(isset($_SESSION['login_user'])){
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("shopping_katalog") or die(mysql_error());
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET NAMES utf8");
$result = mysql_query("SELECT * FROM Knigi k, poracki p
WHERE k.knigaid = p.kniga AND p.korisnikInt ='" . $user_ID . "'");
while ($row = mysql_fetch_array($result)) {
//knigaid,naslov,avtor,link_do_pdf,thumb_link,kategorija,cena,br_strani
echo '<div id="item">';
echo '<h5 align="center" id="b_item_title">' . $row['naslov'] . '</h5>';
//echo '' . $row['avtor'] . '';
echo '<img src="http://' . $row['thumb_link'] . '" id="b_item_slika" />';
echo '</div>';
}
if (!$result) {
echo 'Проблем со добивање на податоците: ' . mysql_error();
exit;
}
}else{
$url = "/index.php";
header("Location: $url");
}
?>
</div><!--end of the books-->
</div>
</body>
</html>
Here is the concept:
In your first_page.php the user should enter his username and password, and if you find that both are correct and match those that exist in the database, then you will set a session and store whatever data you want in it; then you will redirect the user to second_page.php, which will use those stored session values to do whatever you want with them. And if the user didn't enter his username and password, he will stay on first_page.php.
And here is a simple example from which you can take the main concept and apply it to your case:
In first_page.php
<?php
session_start();
ob_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body align="center">
<div>
<?php
if (!empty($_POST["username"]) && !empty($_POST["password"])) {
$_SESSION['username'] = $_POST["username"];
header("Location: second_page.php");
exit; // stop here so nothing else runs after the redirect
}
?>
<form action="first_page.php" method="post" accept-charset="UTF-8">
Username: <input type="text" name="username" /><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Login"/>
</form>
</div>
</body>
</html>
And in second_page.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
<h3>Welcome <?php echo htmlspecialchars($_SESSION["username"], ENT_QUOTES, 'UTF-8'); ?></h3>
</body>
</html>
To check if cookies are enabled or not, use the code...
<?php
setcookie('test', 1, time()+3600);
if(!isset($_GET['cookies'])){
header('Location:/info.php?cookies=true');
}
if(count($_COOKIE) > 0){
echo "Cookies are Enabled!";
} else {
echo "Disabled";
}
?>
So, I created a session_start and created two html input text boxes on the first page. I thought I correctly coded the if statements in the primary PHP block but alas, am unable to use the submitted values on the secondary page. I've made small alterations on both pages, nothing major, but cannot get the second page to show these session variables. What am I missing here?
//FIRST Page
<!DOCTYPE>
<?php
session_start();
?>
<html>
<head>
<title>Product Page</title>
<meta charset="UTF-8"
</head>
<body>
<form method=“post” action="orderPage.php">
<p>Enter the number of items you would like to order in each respective text box</p>
<label>Apples <input name="Apples" /></label>
<br>
<label>Bananas <input name=“Bananas” /></label>
<input type="submit" value="Checkout"></form>
<?php
if (isset($_POST['submit'])) {
if (empty($_POST['Apples'])) {
$Apples = 0;
$_SESSION['Apples'] = $Apples;
} else {
$Apples = $_POST['Apples'];
$_SESSION['Apples'] = $Apples;
}
if (empty($_POST['Bananas'])) {
$Bananas = 0;
$_SESSION['Bananas'] = $Bananas;
} else {
$Bananas = $_POST['Bananas'];
$_SESSION['Bananas'] = $Bananas;
}?>
</body>
</html>
//Second Page
<!DOCTYPE>
<?php
session_start();?>
<html>
<head>
<title>Product Page</title>
<meta charset="UTF-8"
</head> <body> <h3>Order Confirmation Page</h3>
<?php
echo "Apples : " . $_SESSION['Apples'] . "<br>";echo "Bananas : " . $_SESSION['Bananas'] . "<br>";?>
<input type="submit" method="post" value="Checkout">
<?php
if (isset($_POST['submit'])){echo "Your order has been placed.";session_destroy();}?>
</body>
</html>
You have some mistakes: there is a } missing at the end of the page 1 submit form, and you are not using the PHP function at the top of the page. So I have tested, and the following code will help you.
page 1
<?php
session_start();
$Apples = 0;
$Bananas = 0;
if (isset($_POST)) {
if (empty($_POST['Apples'])) {
$_SESSION['Apples'] = $Apples;
} else {
$Apples = $_POST['Apples'];
$_SESSION['Apples'] = $Apples;
}
if (empty($_POST['Bananas'])) {
$_SESSION['Bananas'] = $Bananas;
} else {
$Bananas = $_POST['Bananas'];
$_SESSION['Bananas'] = $Bananas;
}
//echo json_encode($_SESSION);
}
?>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8">
<title></title>
</head>
<body>
<form action="orderPage.php" method="post">
Apples: <input type="text" name="Apples"><br>
Bananas: <input type="text" name="Bananas"><br>
<input type="submit">
</form>
</body>
</html>
And Your 2nd page
<?php
session_start();
if (isset($_POST)) {
session_destroy();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Product Page</title>
<meta charset="UTF-8">
</head> <body> <h3>Order Confirmation Page</h3>
<?php
echo "Apples : " . $_SESSION['Apples'] . "<br>";echo "Bananas : " . $_SESSION['Bananas'] . "<br>";?>
<form class="" action="" method="post">
<input type="submit" value="Checkout">
</form>
</body>
</html>
Think this will help you.
I have a login page with a login form; it should redirect to the admin page when the admin logs in. This all worked, but four days ago it started redirecting to the login page again. When I manually type admin in the URL after login, the admin page can be accessed.
My login page:
<html>
<head>
<?php include 'connect.php'; ?>
<?php include 'functions.php'; ?>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, minimumscale=1.0, maximum-scale=1.0" />
<title>Login - Admin</title>
<link rel='stylesheet' href='style.css' type='text/css' />
<?php include 'header.php'; ?>
</head>
<body >
<div id="container_vanjski">
<div id="container">
<form method="post">
<br/>
<?php
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = md5(mysqli_real_escape_string($con, $_POST['password']));
if(empty($username) or empty($password)){
echo ' <p>Polja su prazna !</p>';
}
else {
$check_login = mysqli_query($con, "SELECT id, user_level FROM korisnici WHERE username='".$username."' AND password='".$password."'");
if(mysqli_num_rows($check_login) == 1){
$run = mysqli_fetch_array($check_login);
$user_id = $run['id'];
$user_level = $run['user_level'];
$_SESSION['user_id'] = $user_id;
header("Location: admin");
}else{
echo ' <p>Pogrešno Korisničko ime ili Lozinka!</p>';
}
}
}
?>
<br/>
<div id="log">
<label for="username">Korisničko ime:</label><input type="text" name="username" /><br />
<label for="password">Lozinka:</label><input type="password" name="password" /><br />
<br />
<input type="submit" name="submit" value="Prijava" id="button" />
</div>
</form>
</div>
<?php include 'footer.php'; ?>
</div>
</body>
</html>
On my localhost server this is working, but on the web server (BLUEHOST) this stopped working four days ago.
Does anyone know why this is happening?
You can't use header after HTML.
Two solutions:
1. Header before any HTML code (my favorite)
2. Buffering
<?php
ob_start( );
?>
<html>
<body>
some output
<?php
ob_end_clean( );
header( 'Location: http://www.google.com' );
exit;
?>
</body>
</html>
<?php
ob_end_flush( );
?>
Full code :
<?php
include 'connect.php';
include 'functions.php';
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = md5(mysqli_real_escape_string($con, $_POST['password']));
if(empty($username) or empty($password)){
$message = ' <p>Polja su prazna !</p>';
}
else {
$check_login = mysqli_query($con, "SELECT id, user_level FROM korisnici WHERE username='".$username."' AND password='".$password."'");
if(mysqli_num_rows($check_login) == 1){
$run = mysqli_fetch_array($check_login);
$user_id = $run['id'];
$user_level = $run['user_level'];
$_SESSION['user_id'] = $user_id;
header("Location: admin");
exit; // stop here so the login form is not rendered after the redirect
}else{
$message = ' <p>Pogrešno Korisničko ime ili Lozinka!</p>';
}
}
}
?>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, minimumscale=1.0, maximum-scale=1.0" />
<title>Login - Admin</title>
<link rel='stylesheet' href='style.css' type='text/css' />
<?php include 'header.php'; ?>
</head>
<body >
<div id="container_vanjski">
<div id="container">
<form method="post">
<br/>
<?php echo (isset($message) ? $message : ''); ?>
<br/>
<div id="log">
<label for="username">Korisničko ime:</label><input type="text" name="username" /><br />
<label for="password">Lozinka:</label><input type="password" name="password" /><br />
<br />
<input type="submit" name="submit" value="Prijava" id="button" />
</div>
</form>
</div>
<?php include 'footer.php'; ?>
</div>
</body>
</html>
Headers must be sent before any other content is generated on the server. Move your login handling code to the start of the file before the opening HTML tag. It may have worked on your localhost as some configurations can be a little forgiving with headers being sent mid code, but it is not compliant and you will probably find that is the issue.
I am going from vulnerable SQL code to secure code, and I am trying to update my login to this:
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($username != '' && $password!=''){
session_start();
$sql = "SELECT * FROM login WHERE username=? and password =?";
$stmt = $con->prepare($sql);
$stmt=bind_param("ss", $username, $password);
$stmt->execute();
$stmt->store_result();
$num->$stmt->num_rows;
$stmt->close();
if($num>0){
$_SESSION["username"] = $username;
header("Location:homepage.php");
die();
} else {
$message = "Invalid Username or Password!";
}
}
}
When I am launching my login page I got this message:
This webpage has a redirect loop
Any help is appreciated.
EDIT
homepage code:
<?php
require_once ('/include/global.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Clinic Form</title>
<link href="css/1140.css" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:300" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="container12">
<header>
<div class="row" align="center">
<div class="column12"> <img src="images/logo.png"/> </div>
</div>
<div class="row" align="center">
<div class="row" align="center">Logout</div>
</div>
</header>
<h1 id="home" align="center"> </h1>
<div class="alert"></div>
<div class="column12" align="center">
<div class="row"><a href="patients.php">
<input type="image" value="Patient" src="images/patient.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/patient_roll.png';" onmouseout="this.src='images/patient.png';">
</a> </div>
<div class="row"><a href="/clinic form/appoint/appoint.php">
<input type="image" value="Appointments" src="images/appointments.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/appointments_roll.png';" onmouseout="this.src='images/appointments.png';">
</a> </div>
<div class="row"><a href="/clinic form/med/med.php">
<input type="image" value="Medicaments" src="images/med.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/med_roll.png';" onmouseout="this.src='images/med.png';">
</a> </div>
<div class="row"><a href="">
<input type="image" value="Statistics" src="images/stat.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/stat_roll.png';" onmouseout="this.src='images/stat.png';">
</a> </div>
</div>
</div>
</body>
</html>
EDIT 2
global.php file:
<?php
session_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
//if(!session_is_registered(myusername)){
//header("location:index.html");
if(isset($_SESSION['username'])) {
echo "Page seen only by " . $_SESSION['username']."<br>";
$con=mysqli_connect($host,$username,$password,$db_name);
}
else{
session_destroy();
header("location:index.php");
}
?>
EDIT 3
The entire index.php code:
<?php
require_once('/include/global.php');
/*if(isset($_POST['login'])){
if($_POST['username'] != '' && $_POST['password']!=''){
if(!isset($_SESSION))
{
session_start();
session_register('username');
}
$result = mysql_query("SELECT * FROM login WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
$row = mysql_fetch_array($result);
if(is_array($row)) {
$_SESSION["username"] = $row[$_POST["username"]];
$_SESSION['username'] = $_POST["username"];
header("Location:homepage.php");
} else {
$message = "Invalid Username or Password!";
}
}else{
$error_msg="Please fill all the fields";
}
}*/
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($username != '' && $password!=''){
session_start();
$sql = "SELECT * FROM login WHERE username=? and password =?";
$stmt = $con->prepare($sql);
$stmt=bind_param("ss", $username, $password);
$stmt->execute();
$stmt->store_result();
$num->$stmt->num_rows;
$stmt->close();
if($num>0){
$_SESSION['username'] = $username;
header("Location: homepage.php") ; die();
} else {
$message = "Invalid Username or Password!";
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Clinic Form</title>
<link href="css/1140.css" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:300" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="container12">
<header>
<div class="row" align="center">
<div class="column12"> <img src="images/logo.png"/> </div>
</div>
</header>
<h1 id="home" align="center">Login</h1>
<form action="" method="POST">
<?php if(isset($message)) echo "<script type='text/javascript'>alert('$message');</script>" ?>
<div class="alert">
<?php if(isset($error_msg)) echo "<script type='text/javascript'>alert('$error_msg');</script>" ?>
</div>
<div class="column12" align="center">
<div class="row">
<input type="text" class="large-fld" name="username" value="" placeholder="Username" />
</div>
<div class="row">
<input type="password" class="large-fld" name="password" value="" placeholder="*****" />
</div>
<div class="row">
<input type="image" name="login" value="Login" src="images/btn.png" width="widthInPixels" height="heightInPixels" onMouseOver="this.src='images/rollOverBtn.png';" onMouseOut="this.src='images/btn.png';">
</div>
</div>
</form>
</div>
</body>
</html>
Maybe it will help you if you are more specific about your header. When I started I found this little piece of code and have used it ever since.
$hostname = $_SERVER["HTTP_HOST"];
$path = dirname($_SERVER["PHP_SELF"]);
header("Location: https://".$hostname.($path == "/" ? "" : $path)."/homepage.php");
die();
But I have another question, where do you set your Session Variable $_SESSION["username"] ?
EDIT:
Ok, your code does this:
You call homepage.php which includes global.php. Since there are no session variables set yet, global.php jumps into this part
else
{
session_destroy();
header("location:index.php");
}
Here you redirect to index.php. In index.php you include global.php again and exactly at this point your loop begins. So your global.php sends you to index.php in which global sends you to index.php and so on.
One way is to simply remove the include of global.php at the very beginning of your index.php.
Further you need to call
$stmt->bind_param("ss", $username, $password);
instead of
$stmt=bind_param("ss", $username, $password);
Please add a space after Location: in the header function.
header("Location: homepage.php");
I have a small problem with part of my script:
<?php
session_start();
include_once('../includes/connection.php');
if(isset($_SESSION['logged_in'])) {
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 1</h1>
</body>
</html>
<?php
} else {
if(isset($_POST['email'], $_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare("SELECT * FROM user WHERE user_email = ?");
$query->bind_param('s',$email);
$query->execute();
$query->bind_result($user_id,$user_name,$user_email,$user_password);
$query->fetch();
$user = array("user_id"=>$user_id, "user_name"=>$user_name, "user_email"=>$user_email, "user_password"=>$user_password);
if($user['user_id'] != 0) {
$_SESSION['logged_in'] = true;
header("Location: index.php");
die();
} else {
$error = "Incorrect details!";
}
}
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 2</h1>
<div class="container">
<h3>Please login</h3>
<?php if(isset($error)) { ?>
<h4><?php echo $error; ?></h4>
<?php } ?>
<form action="index.php" method="post" autocomplete="off">
<input type="text" name="email" placeholder="E-mail">
<input type="password" name="password" placeholder="Password">
<input type="submit" value="Login">
</form>
</div>
</body>
</html>
The problem is that the script, after refreshing (calling the header() method), doesn't execute the die() statement, and after successfully setting the session variable and rendering the part with "Markup 1" it will also render the "Markup 2" part, but it shouldn't.
I found this example here: https://www.youtube.com/watch?v=UNTvU--o2q8.
You can try including the second markup section within the else block. This is a fairly hackish fix, but it should accomplish what you are aiming for. I would recommend restructuring this section and pulling some of the markup out to separate included files.
<?php
session_start();
include_once('../includes/connection.php');
if(isset($_SESSION['logged_in'])) {
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 1</h1>
</body>
</html>
<?php
} else {
if(isset($_POST['email'], $_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare("SELECT * FROM user WHERE user_email = ?");
$query->bind_param('s',$email);
$query->execute();
$query->bind_result($user_id,$user_name,$user_email,$user_password);
$query->fetch();
$user = array("user_id"=>$user_id, "user_name"=>$user_name, "user_email"=>$user_email, "user_password"=>$user_password);
if($user['user_id'] != 0) {
$_SESSION['logged_in'] = true;
header("Location: index.php");
die();
} else {
$error = "Incorrect details!";
}
} ?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 2</h1>
<div class="container">
<h3>Please login</h3>
<?php if(isset($error)) { ?>
<h4>
<?php echo $error; ?>
</h4>
<?php } ?>
<form action="index.php" method="post" autocomplete="off">
<input type="text" name="email" placeholder="E-mail">
<input type="password" name="password" placeholder="Password">
<input type="submit" value="Login">
</form>
</div>
</body>
</html>
<?php } ?>
You can't call header() after you write content to the browser. You can sort of hack around this in PHP using output buffers (it's been a long time), but really you should move code that handles headers above all of your markup.
See: http://php.net/manual/en/function.header.php
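The redirect loop from the clinic-form thread (a guard included on the login page itself) and the header-after-output problem from the answers above can be handled in one guard. This is an added example, not code from any of the posts; the page names come from that question, while the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Page names follow the clinic-form question; function names are hypothetical.
const LOGIN_PAGE = 'index.php';
const HOME_PAGE  = 'homepage.php';

// Pure decision: where must this request go, if anywhere?
// Returning null for an anonymous visitor on the login page is what
// prevents the index.php -> index.php loop.
function redirect_target(array $session, string $scriptName): ?string
{
    $page     = basename($scriptName);
    $loggedIn = isset($session['username']) && $session['username'] !== '';

    if (!$loggedIn && $page !== LOGIN_PAGE) {
        return LOGIN_PAGE;   // protected page, no session: go and log in
    }
    if ($loggedIn && $page === LOGIN_PAGE) {
        return HOME_PAGE;    // already logged in: skip the form
    }
    return null;             // render the requested page
}

// Call at the very top of every page, before any markup or any include
// that prints something.
function enforce_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = redirect_target($_SESSION, $_SERVER['SCRIPT_NAME'] ?? '');
    if ($target === null) {
        return;
    }
    if (headers_sent($file, $line)) {
        // Fail loudly instead of silently rendering the protected page.
        throw new RuntimeException("Cannot redirect: output started at $file:$line");
    }
    header('Location: ' . $target);
    exit; // nothing below the redirect may run
}

// Constructed cases, shown only when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $cases = [
        [[], '/index.php'],
        [[], '/homepage.php'],
        [['username' => 'alice'], '/index.php'],
        [['username' => 'alice'], '/homepage.php'],
    ];
    foreach ($cases as [$session, $script]) {
        $target = redirect_target($session, $script);
        printf("%-14s %-10s -> %s\n", $script,
            $session ? 'logged in' : 'anonymous', $target ?? 'render page');
    }
}
```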
I looked at http://www.phpportalen.net/wiki/index.php?page=Enkel+inloggning+med+MySql+och+sessioner to see how to do a simple login.
But when I try to log in now it says that the username or password is wrong. So I'm guessing something is not right in my control document, where I'm checking the username and password against the database.
In the example I looked at they have it all on the same page, so I'm guessing I need to change more than I thought.
This is the code in the loginside:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title></title>
<link href="stylesheet.css" media="screen" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
if(!isset($_SESSION["sess_user"])){
if(isset($_GET['badlogin'])){
echo "Fel användarnamn eller lösenord, försök igen!";
}
?>
<form method="post" action="check.php">
<p>User</p>
<input name="user" type="text" />
<p>Password</p>
<input name="password" type="text" />
<input name="logIn" type="submit" value="Log in" />
</form>
<?php
}
else{
header("Location: admin.php");
}
?>
</body>
</html>
And this is the code in my controlside:
<?php
session_start();
?>
<?php
function db_escape($post){
if(is_string($post)){
if(get_magic_quotes_gpc()){
$post = stripslashes($post);
}
return mysqli_real_escape_string($post);
}
foreach($post as $key => $val){
$post[$key] = db_escape($val);
}
return $post;
}
if(isset($_POST["logIn"])){
// Connect to db
$dbConn = mysqli_connect("localhost","sabe0011","lösen","sabe0011");
$dbConn->set_charset("utf8");
// Check connection
if(mysqli_connect_errno($dbConn)){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$_POST = db_escape($_POST);
$checkUserSQL = mysqli_query($dbConn, "SELECT * FROM Users WHERE User ='{$_POST['user']}' AND Password ='{$_POST['password']}'");
if(mysqli_num_rows($checkUserSQL) == 0){
header("Location: login.php?badlogin=");
exit;
}
$_SESSION['sess_id'] = mysqli_store_result($checkUsersSQL, 0);
$_SESSION['sess_user'] = $_POST['user'];
header("Location: admin.php");
exit;
}
?>
Your parameters in your query should be escaped like:
$checkUserSQL = mysqli_query($dbConn, "SELECT * FROM Users WHERE User =" . $_POST['user'] . " AND Password = " . $_POST['password']);
But in terms of security, you have to look at the prepared query here.
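A prepared-statement login check of the kind the answer points to, as an added example that is not code from any of the posts. It assumes a `users` table with a `password_hash` column written by `password_hash()`, and uses an in-memory SQLite database through PDO in place of MySQL so that it runs without a server; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Look up the user with a bound parameter and verify the stored hash.
// Returns the user id on success, null on any failure.
function authenticate(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both
    // paths do comparable work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $row === false ? $dummy : $row['password_hash'];

    if (!password_verify($password, $hash) || $row === false) {
        return null;
    }
    return (int) $row['id'];
}

// Bind the authenticated identity to a fresh session id, then redirect.
// Expects session_start() to have been called at the top of the page.
function complete_login(int $userId, string $username, string $target): void
{
    session_regenerate_id(true);   // new id after the privilege change
    $_SESSION['user_id']  = $userId;
    $_SESSION['username'] = $username;
    header('Location: ' . $target);
    exit;                          // nothing after the redirect may run
}

// Constructed demo data, shown only when run from the command line.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

    $attempts = [
        ['alice', 'correct horse'],   // valid credentials
        ['alice', 'wrong'],           // wrong password
        ['nobody', 'correct horse'],  // unknown user
        ["alice' OR '1'='1", 'x'],    // quotes stay data, never SQL
    ];
    foreach ($attempts as [$user, $pass]) {
        $id = authenticate($db, $user, $pass);
        printf("%-20s => %s\n", $user, $id === null ? 'rejected' : "user id $id");
    }
}
```

With mysqli the same shape applies: `prepare()`, `bind_param()`, `execute()`, then `password_verify()` on the fetched hash instead of comparing passwords inside the SQL.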