<?php $db_host = "localhost";$db_username = "izzydog";$db_name = "challeng

1. <?php
2. $db_host = "localhost";
3. $db_username = "izzydog";
4. $db_name = "challenge1";
5. $db_password = "jumphost";
6. $tbl_name = "database1"; // Table name]
7. $database1 = 'database1';
8.  
9.  
10. // Connect to server and select database.
11. $conn = mysql_connect("localhost", "izzydog", "jumphost")or die("cannot connect");
12. mysql_select_db("challenge1",$conn)or die("cannot select DB");
13.  
14.  
15.  
16. // username and password sent from form
17.  
18. $myusername=$_POST['myusername'];
19. $mypassword=$_POST['mypassword'];
20.  
21. // To protect MySQL injection (more detail about MySQL injection)
22. $myusername = stripslashes($myusername);
23. $mypassword = stripslashes($mypassword);
24. $myusername = mysql_real_escape_string($myusername);
25. $mypassword = mysql_real_escape_string($mypassword);
26.  
27. $sql="SELECT * FROM $database1 WHERE username='$myusername' AND password='$mypassword'";
28. $result=mysql_query($sql);
29.  
30. // Mysql_num_row is counting table row
31. $count=mysql_num_rows($result);
32. // If result matched $myusername and $mypassword, table row must be 1 row
33.  
34.  
35. if($count==1){
36. session_register('myusername');
37. session_register('mypassword');
38. header('location:login_success.php');
39. }
40. else {
41. echo 'Wrong Username or Password';
42. }
43.  
44. ?>