Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Hi every one
I am newbie  at PHP and tring to create a simple login application.
based on a Tutorial at:

Now I have three files which are:


I am using a simple form for login.php and my checklog.php file is
like this:
$host=3D"localhost"; // Host name
$username=3D"ggfd"; // Mysql username
$password=3D"doirta"; // Mysql password
$db_name=3D"members"; // Database name
$tbl_name=3D"mempass"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql=3D"SELECT * FROM $tbl_name WHERE username=3D'$myusername' and
// Mysql_num_row is counting table row
// If result matched $myusername and $mypassword, table row must be 1
// Register $myusername, $mypassword and redirect to file
else {
echo "Wrong Username or Password";
and finally i have the logsuccess.php which is:
4.header("location: login.php");
9.Login Successful

I can login correctly into the database , and table .I also got error
message when I inter a wrong password and username but I have on the
problem on following part of log_success.php.
First of all every one can open the file log_success.php from the
browser address bar and get in the page! This is not supposed to be!.
I also get the following error on the page:
Notice: Use of undefined constant myusername - assumed 'myusername' in
C:\wamp\www\Login\login_success.php on line 3

could you please let me know what is wrong wth this part of code?

Re: session_start();

Quoted text here. Click to load it

1) You have not quoted the name myusername. The error message even
told you this.
2) The manual has this to say about session_is_registered()
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of
PHP 6.0.0. Relying on this feature is highly discouraged.

Re: session_start();

Quoted text here. Click to load it

Thanks Captain.
I get rid of that erroe but what can I use insted of
session_is_registered() could you please help more about this?
thanks alot

Re: session_start();

Quoted text here. Click to load it

If you look at the manual section for this function you will find a
user contributed note suggesting an alternative.

Re: session_start();

In article <69922118-c916-40c3-9410->,
Quoted text here. Click to load it


I'm fairly new to php and, if you are not aware of it already, a useful
site to bookmark is  There you'll find all the functions
that php uses with examples of how to use them.

Pete Ives
Remove All_stRESS before sending me an email

Re: session_start(); wrote:
Quoted text here. Click to load it
Quoted text here. Click to load it

Find another example.  This one is not good at all.

For starters, don't use the ob_xxx functions.  They just hid potential
problems for later.  Rather, structure your code correctly and you don't
need them.

Next, unless you're putting the definitions for $host, $username, etc.
in a configuration file (which I DO recommend - but that can come
later), don't clutter your code up with them.  Keep it simple for now.

You don't need (and should not use) stripslashes() unless
magic_quotes_gpc is set in the php.ini file.  And most hosting companies
have it turned off.  If you do have a potential problem, you should
check the return of get_magic_quotes_gpc() first and only call
stripslashes() if magic_quotes_gpc is enabled.  I don't do the latter;
rather I just host with companies who have magic_quotes_gpc turned off.

session_register() only works if register_globals is enabled in the
php.ini file.  The default for this has been to disable register_globals
since PHP 4.2 - for valid security reasons.

You really need to find a better example.  Not only is this a poor
example, it looks like it was written for PHP 3.x (or maybe 4.0) and is
badly out of date.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline