0

I am using godaddy server. After installing SSL in my primary domain I used .htaccess file to redirect page. but suddenly I can't fetch data from database anymore (which was working fine for past 6 months) and the same problem happened with my add-on domains also. What I contacted godaddy they said it's due to .htaccess file. I renamed .htaccess file to .htaccess.bak in both primary and add on domains but I'm still getting the same issue. My .htaccess code is:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]`

and my php code is 

if($_GET[log]==in)
     {
         $username=$_POST['username'];
         $password=$_POST['password'];

         $tmpuser= "SELECT * FROM `emplog` WHERE username='$username'";
         $q1=$con->query($tmpuser);
         $count1=$q1->num_rows;
}

However when I tested the database connection, it says "connection established successfully". but $count1 is returning null value. (Username and password is returning according to database values​. The same as was returned for last 6 months. I checked with the database and found that I am giving the correct value.)

Please help to to solve this problem.

Abraham Murciano Benzadon
  • 1,424
  • 13
  • 27
Rintu
  • 21
  • 4
  • print out the query, and see if you get the expected query string – Jens May 03 '17 at 07:36
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. – Tom Udding May 03 '17 at 07:45

1 Answers1

0

review bellow code and update it.

if($_GET['log']=="in"){
    $con2=mysqli_connect("localhost","my_user","my_password","my_db");
    if (mysqli_connect_errno())
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    } 


    $username=$_POST['username'];
    $password=$_POST['password'];

    $tmpuser= "SELECT * FROM `emplog` WHERE username='".$username."'";
    if ($result=mysqli_query($con2,$tmpuser)){
        // Return the number of rows in result set
        $rowcount=mysqli_num_rows($result);
        echo $rowcount;
        mysqli_free_result($result);
    }
}
Hirendrasinh S. Rathod
  • 824
  • 6
  • 11
  • showing "failed to connect" but with $conn = new mysqli($servername, $username, $password); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } echo "Connected successfully"; showing connected successfully – Rintu May 03 '17 at 09:48