I tried to put some traps but it didnt work. I can login with wrong username and password. What is the possible solution for this?
foreach ($result as $row) {
$acc_username=$row['acc_username'];
$acc_password=$row['acc_password'];
$acc_tableid=$row['table_id'];
}
if ($result == 0){
echo '
<div class="alert alert-danger">
<strong>Danger!</strong> This alert box could indicate a dangerous or potentially negative action.
</div>';
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.location.href='tableLogin.php';
</SCRIPT>");
}
else{
$_SESSION['table_number'] = $_POST['Make'];
$_SESSION['table_idd'] = $row['table_id'];
header("Location: customerLogin.php");
}
$update = "UPDATE tables SET login_status=1 WHERE table_id= $table_id";
if(mysql_query($update)){
}
}catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
} ?>
I am not sure how you are doing your initial database query before the section of code that you posted but if you are doing fetchAll to get the rows out of the database then it may be a matter of replacing
if ($result == 0){
with
if (empty($result)){
to cater for no users found and errors in the SQL query.
Edit: I meant fetchAll
Try this:
if (empty($result) ){
or
if (count($result) == 0 ){
//show alert
}
else
{
//update login status
}