You do know your code is open for sql injection attacks.
php.net search for sql injection and session spoofing
HTH
Andy
On Friday 14 October 2005 09:25, Jochem Maas wrote:
> try some code indentation to make it more readable.
>
> someone else pointed you to the 'user' 'name' mismatch already I
try some code indentation to make it more readable.
someone else pointed you to the 'user' 'name' mismatch already I see.
twistednetadmin wrote:
...
session_start();
switch (@$_GET['action']) // Gets set by the form action
{
case "login":
$sql = "SELECT name FROM DB
WHERE name='$_POST[user]'"
When I fill in the form with user and password, it goes to the
loginerror.php anyway.
Is this because I use switch with only one case(I'm going to make more
later), and if it is. What should I use instead?
This is my first php-script. I have tested this on both php4 and php5.
Please help.
(login.p
3 matches
Mail list logo
