0

I tried to connect and the browser doesn't implement the code but it just display the code. Below is the codes am having.

<?php

    $inputuser = $_POST['user'];
    $inputpass = $_POST['pass'];

    $user = "root";
    $password = "";
    $database = "tutorial";
    $connect = mysql_connect("localhost",$user,$password);
    @mysql_select_db($database) or ("Database not found");

    $query = "SELECT * FROM 'users' where 'user' = '$inputuser'";
    $querypass = "SELECT * FROM 'users' where 'password' = '$inputpass'";

    $result = mysql_query($query);
    $resultpass = mysql_query($querypass);

    $row = mysql_fetch_array($result);
    $rowpass = mysql_fetch_array($resultpass);

    $serveruser = $row["user"];
    $serverpass = $row["password"];

    if($serveruser&&$serverpass){
        if(!$result){
            die("username or password is invalid");
        }
        echo "<br><center><Database output</br></center><br><br>";
        mysql_close();
        echo $username;
        echo $password;

    }
?>
Bryan Austin
  • 309
  • 2
  • 11
  • Have you saved the file containing the code as FILE_NAME.php ? and are you running the code(file) using a local development server ? – Shakti Phartiyal Apr 12 '17 at 13:29
  • Which part specifically is failing. What I do notice is you're using the wrong quotes in your SQL queries. – Jonnix Apr 12 '17 at 13:29
  • **Not using the [deprecated](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) and now removed `mysql_` API would be a good start because [this happens when you do](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** – RiggsFolly Apr 12 '17 at 13:29
  • Hello. Your script is really unsafe! High risk of SQL injection, have a look at http://bobby-tables.com ... use prepared statements and stop using mysql_ use mysqli_ or PDO_ extension instead. – Twinfriends Apr 12 '17 at 13:31
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 12 '17 at 13:32

0 Answers0