This is the PHP code for logging the user into the website which I am building but whenever I run this code I am getting the following output. Please help me.
I am using WAMP server, short open tag is enabled.
OUTPUT
wrong password'; } } else { echo 'invalid username'; } } ?> `
THIS IS THE PHP CODE
<?php
if(isset($_POST['name'])){
//connecting to data base
$con=mysqli_connect("localhost:3306","root","","recommender");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$q = "select * from user where name ='".mysql_real_escape_string($_POST['name'])."'";
$res = mysql_query($q) or die("wrong query");
$row = mysql_fetch_assoc($res);
if(!empty($row))
{
if($_POST['password']==$row['password'])
{
$_SESSION['name']=$_POST['name'];
header('Localhost/home.html');
}
else
{
echo '<centre><font color="red">wrong password</font></centre>';
}
}
else
{
echo '<centre><font color="red">invalid username</font></centre>';
}
}
?>
you have a syntax error on
$q = "select * from user where name ='.mysql_real_escape_string($_POST['name'])."'";<br>
^^ lost "
solve this with
$q = "select * from user where name = '". mysql_real_escape_string($_POST['name']) . "'";
Change this line:
$q = "select * from user where name ='.mysql_real_escape_string($_POST['name'])."'";<br>
to
$q = "select * from user where name = `".mysql_real_escape_string($_POST['name'])."` LIMIT 1";