Validating Page: Eror message – PHP

  php

Q(Question):

Hi

I am creating login page with validation.

i have index.php page with login box, for validating this login detail i m redirecting to login_validate.php.

Login_validate.php file code:


<?php
include ("config/config.php");
$dbtable = "users";
$resultvalue =0;
$username = $_POST['usr_name'];
$password = $_POST['usr_pass'];
$result = mysql_query("SELECT * FROM $dbtable where user_name = '".$username."' and password = '".$password."'");
$resultvalue = mysql_num_rows($result);
$result;
if($resultvalue>0)
{
echo "<script>window.location='home.php'</script>";
}
else
{
echo "****************** Alertbox [error msg]**************";
//echo "<script>window.location='error.php'</script>";
}
mysql_close();
?>

now what i want to do is i want to display alert box if the user detail is not true,

Can some one help me how to display alert box in that echo field please, i tried java script but, error in that.

Regards
magesh

A(Answer):

Hello phpmagesh.
as far as i know you can do it with javascript.


<Script language="javascript">alert("wrong login attempt!");</script>

Good luck!

P.s. you better change this ($username = $_POST[‘usr_name’];) to


$username = strip_tags(mysql_real_escape_string($_POST['usr_name']));

It’s much saver for your database!

Regards!
paul

A(Answer):

@djpaul

Hi,

thanks for your knid help,

Can you tell me the actual difference for this code please, since i dont know about that so far,

($username = $_POST[‘usr_name’];) to

$username = strip_tags(mysql_real_escape_string($_POST[‘usr_name’]));

Thanks in advance,

Regards
magesh

A(Answer):

Hey phpmagesh,
These are functions from php.
I always use the manual wich you can download from there site.
These are 2 functions to clean up the mess wich a bad user can insert into your database and hack you.
Try google on mysql_real_escape_string and strip_tags.

Watch your security, it’s very important!
Maybe it helps if you read about sql injection and that kind of stuff.

Good luck!
Paul

A(Answer):

@djpaul

Hi djpaul,

Thank you for your kind information, this will be useful message for me about the sql injection. if possible can you tell me some sites where i can get this details similar to this since i m creating a dynamic website, Security is more important for me in my site.

Again thank you so much,

Regards
magesh

A(Answer):

Hmm, we have a magic word for it: Google!
Just type in: sql injection php and you find a lot of information about it.
I have an pdf who explains it but it’s in dutch, so i think you can’t read it… 🙂
Maybe you recognize the code’s but that’s not enough i think.

But as far as i know there are more of these pdf’s arround the internet.
Try to look arround, if you are not shure if it’s save you always can ask it here.
Some people helped me to a while ago, so now i help you and other people!

Good luck!
Paul

A(Answer):

Hi.

For the record, the manual is also available online.
(See strip_tags and mysql_real_escape_string)

You can also read about SQL Injection in the manual.
PHP: SQL Injection – Manual

LEAVE A COMMENT