I think that my query is failing here - as a result I cannot get my log-in page to work. Any assistance towards helping me realise where I have gone wrong would be muchly appreciated.
My code -
<?php
session_start();
$failure = $success = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{mysql_connect(-All the correct info is in here-) or die(mysql_error());
mysql_select_db("flavedb") or die(mysql_error());
$uname = $_POST['uname'];
$uname = mysql_real_escape_string($uname);
$password = $_POST['password'];
$password = mysql_real_escape_string($password);
$password = md5($salt.md5($password));
$qry = "SELECT * FROM flave_users WHERE Username='".$uname."' AND Password=='".$password."'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) == 1){
session_regenerate_id();
$user = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID'] = $user('UserID');
$_SESSION['SESS_USER_NAME'] = $user('Username');
session_write_close();
$success = "Successful - Logged in";
}
else {
$failure = "Wrong Username or Password";
$print1 = print($uname);
$print2 = print($password);
}
}
else {
die("Query Failed");
}
}
?>
have you tried using only one = instead of == ? i'm pretty sure it doesn't exist in mysql
SELECT * FROM flave_users WHERE Username='".$uname."' AND Password=='".$password."'"
echo right before and after the query and see if it prints to the screen to narrow down where exactly your code is failing