Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include 'db.php';
- if (isset($_POST['action']) && $_POST['action'] == 'login') {
- $username=$_POST['username'];
- $password=$_POST['password'];
- /* Important: this "works", but you absolutely need to validate and escape strings before using them in a query.
- Also, the mysql extension is deprecated (old and not used anymore) so you should use mysqli or PDO instead
- */
- /* Here I just escape the strings to avoid SQL injection attacks, but it can be done better before finalizing the project */
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
- $query=mysql_query("SELECT users FROM ccmarket WHERE username='$username' AND password='$password'");
- $row=mysql_num_rows($query);
- if($row<=0)
- {
- echo 0;
- }
- else
- {
- echo 1;
- }
- }
- else
- {
- echo 2;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement