<?phpinclude "config.php"; mysql_connect(SQL_HOST, SQL_USERNAME, SQL_PASSW

1. <?php
2. include "config.php";
3. mysql_connect(SQL_HOST, SQL_USERNAME, SQL_PASSWORD);
4. mysql_select_db(SQL_DBNAME);
5. $tbl_name="vnt"; // Table name
6.  
7. // username and password sent from form
8. $myusername=$_POST['myusername'];
9. $mypassword=$_POST['mypassword'];
10.  
11. // To protect MySQL injection (more detail about MySQL injection)
12. $myusername = stripslashes($myusername);
13. $mypassword = stripslashes($mypassword);
14. $myusername = mysql_real_escape_string($myusername);
15. $mypassword = mysql_real_escape_string($mypassword);
16.  
17. $sql="SELECT * FROM $tbl_name WHERE nick='$myusername' and pass='$mypassword'";
18. $result=mysql_query($sql);
19.  
20. // Mysql_num_row is counting table row
21. $count=mysql_num_rows($result);
22. // If result matched $myusername and $mypassword, table row must be 1 row
23.  
24. if($count==1){
25. // Register $myusername, $mypassword and redirect to file "login_success.php"
26. session_register("myusername");
27. session_register("mypassword");
28. $pavel = sel kydat hnuj;
29. $_POST['promenna'] = $pavel ;
30. header("location:login_success.php");
31.  
32. }
33. else {
34. echo "Wrong Username or Password";
35. }
36. ?>