0

I am working on a site where I am fetching records from database to match with the user input, if the data does not match with the details in database it must show an javascript alert box. But the problem is the javascript box is showing on body load too. Following is my code : 

//Storing the value of form's username and password into PHP variables
$username = $_POST['username'];
$password = $_POST['password'];
//This query is to check whether ther user has provided valid details
$query = mysql_query("Select * from accounts where username='$username' and     password='$password'");
$status = mysql_num_rows($query);
/**Now checking whether the number of rows returned by database are greater than 0 to  verify the login
if number of rows are greater than zero we will redirect the user to index page with a     session variable**/

if($status >0)
{
$_SESSION['username'] = $username;
?>
<meta http-equiv="refresh" content="0;url=index.php">
<?}
else
{?>
<script language="javascript">
alert('UserName or Password does not match. Please try again');
</script>
<?}?>
Improve this question
5
  • 5
    warning your code is extremely vulnerable to sql injection attacks. also you should never store users passwords in the database. Commented Nov 9, 2012 at 12:37
  • 1
    @Jessica Brownie to complete what Daniel said, I suggest you look for password hashing (and never hash only the password, always include a salt and other parts like the username if it's constant). Commented Nov 9, 2012 at 12:38
  • Jessica, what page is this on? Can you show the form? Can you show more code that precedes this fragment? Commented Nov 9, 2012 at 12:47
  • 2
    I think she's trying to learn using PHP inside HTML pages. One step at a time. Don't confuse her with injections before she learns it. Commented Nov 9, 2012 at 12:47
  • On another note, you are using short tags. Commented Nov 9, 2012 at 12:54

3 Answers 3

Reset to default
1

Replace

else

with

else if (isset($_POST['username'])) {

if you don't want the alert to appear when the user isn't trying to log in.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You need a login flag for this.

Add this to your form:

<input type="hidden" name="login_process" value="true" />

and then surround your login code with:

if($_POST["login_process"] == "true"){ 

    //your login code

}

...your page body
Improve this answer

Comments

0 
you miss <?php and Varible
    this Code Use then Check
       <?php 

            $username = $_POST['username'];
            $password = $_POST['password'];

            //This query is to check whether ther user has provided valid details
            $query = mysql_query("Select * from accounts where username='".$username."' and     password='**".$password."**'");
            $status = mysql_num_rows($query);

            /**Now checking whether the number of rows returned by database are greater than 0 to  verify the login if number of rows are greater than zero we will redirect the user to index page with a session variable**/

            if($status >0)
            {
               $_SESSION['username'] = $username;
            ?>
            <meta http-equiv="refresh" content="0;url=index.php">
            **<?php** }
            else
            {?>
            <script language="javascript">
            alert('UserName or Password does not match. Please try again');
            </script>
            **<?php** }?>
Improve this answer

1 Comment

Why does this fix the issue?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.