1st. Replace your $sql query with this
$sql = sprintf("SELECT * FROM admin WHERE UserName = '%s' AND Password = '%s'",
    mysql_real_escape_string($UserName),
    mysql_real_escape_string($Password));
$result = mysql_query($sql) or die(mysql_error());
Ólafur Waage
On Thu, Dec 18, 2008 at 3:56 PM, Terion Miller wrote:
> Still this won't pass the session to the next page.... is there a way to
> pass parameters in the url but mask them? maybe that would be easier, since
> I do have code that works passing the adminID on the url ...
> can a parameter be hashed after the fact? I tried echo-ing the fields on
> the next page and they are not passing...
> my code that still doesn't work:
>
> <?php
> // start session
> session_start();
> include("inc/dbconn_open.php") ;
> $errs = error_reporting ('E_ALL');
>
> if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else
> {$UserName = '';}
> if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else
> {$Password = '';}
>
> $msg = '';
>
> if (!empty($UserName)) {
>
> $sql = "SELECT * FROM admin WHERE UserName ='$UserName' and Password
> ='$Password' "
> or die(mysql_error());
> $result = mysql_query ($sql);
> $row = mysql_fetch_object ($result);
> If (mysql_num_rows($result) > 0) {
> $_SESSION['AdminLogin'] = $row['AdminID'];
> header ("Location: Main.php");
> } else {
> $msg = "Invalid Login";
> }
> }
>
> ?>
>
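The same login lookup written with bound parameters, as an added example that is not part of the original thread or either poster's code. It goes one step beyond the escaping fix in the reply by using a PDO prepared statement. Assumptions: an in-memory SQLite database (requires the pdo_sqlite extension) stands in for the MySQL server, the row is constructed sample data, and the helper names `findAdminId` and `findAdminIdInterpolated` are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE admin (AdminID INTEGER PRIMARY KEY, UserName TEXT, Password TEXT)");
// Constructed sample row; column names follow the admin table in the thread.
$db->exec("INSERT INTO admin (UserName, Password) VALUES ('O''Brien', 'constructed-secret')");

// Hypothetical helper: returns the matching AdminID, or null when no row matches.
function findAdminId(PDO $db, string $userName, string $password): ?int
{
    // Placeholders keep the SQL text fixed; the values travel separately as data.
    $stmt = $db->prepare('SELECT AdminID FROM admin WHERE UserName = :u AND Password = :p');
    $stmt->execute([':u' => $userName, ':p' => $password]);
    // FETCH_ASSOC yields an array, so $row['AdminID'] is a valid lookup.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['AdminID'];
}

// The same query built by string interpolation, as in the quoted code, for comparison.
function findAdminIdInterpolated(PDO $db, string $userName, string $password): ?int
{
    $sql = "SELECT AdminID FROM admin WHERE UserName = '$userName' AND Password = '$password'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['AdminID'];
}

// A legitimate name containing a quote is handled as plain data by the prepared statement.
var_dump(findAdminId($db, "O'Brien", 'constructed-secret'));
var_dump(findAdminId($db, "O'Brien", 'wrong'));

// With interpolation the same quote ends the string literal early and the
// rest of the name is parsed as SQL, so the statement fails to compile.
try {
    findAdminIdInterpolated($db, "O'Brien", 'constructed-secret');
} catch (PDOException $e) {
    echo "interpolated query rejected: ", $e->getMessage(), "\n";
}
```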
--
PHP General Mailing List (http://www.php.net/)