Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- PHP/SQL Select Statement Does Not Work
- <form action="checknumbers.php" method="post">
- <table width="50%" border="0">
- <tr>
- <td><label for="ni">National Insurance Number</label>
- </td>
- <td><span id="sprytextfield1">
- <input type="text" name="ni" id="ni" />
- <span class="textfieldRequiredMsg">*</span><span class="textfieldMaxCharsMsg">*</span></span></td>
- </tr>
- <tr>
- <td><br /><label for="ref">Reference Number</label>
- </td>
- <td><br /><span id="sprytextfield2">
- <input type="text" name="ref" id="ref" />
- <span class="textfieldRequiredMsg">*</span></span></td>
- </tr>
- <tr>
- <td> </td>
- <td><br /><br /><input name="" type="submit" value="Continue" /></td>
- </tr>
- </table>
- </form>
- <?php
- $host="localhost"; // Host name
- $username="**"; // Mysql username
- $password="**"; // Mysql password
- $db_name="***"; // Database name
- $tbl_name="public"; // Table name
- // Connect to server and select databse.
- mysql_connect("$host", "$username", "$password")or die("cannot connect");
- mysql_select_db("$db_name")or die("cannot select DB");
- $ni=$_POST['ni'];
- $ref=$_POST['ref'];
- // To protect MySQL injection (more detail about MySQL injection)
- $ni = stripslashes($username);
- $ref = stripslashes($password);
- $ni = mysql_real_escape_string($username);
- $ref = mysql_real_escape_string($password);
- $sql="SELECT * FROM $tbl_name WHERE ni ='$ni' AND ref='$ref' AND active = 'not_activated'";
- $result=mysql_query($sql);
- // Mysql_num_row is counting table row
- $count=mysql_num_rows($result);
- // If result matched $myusername and $mypassword, table row must be 1 row
- if($count==1){
- header("location:securityquestion.php");
- }
- else {
- echo '<hr><h4>Your National Insurance Number Or Reference Number Does Not Match</h4><hr><a href="register.html">Please try Again</a>';
- }
- ?>
- $ni=$_POST['ni'];
- $ref=$_POST['ref']; // To protect MySQL injection (more detail about MySQL injection)
- $ni = stripslashes($username);
- $ref = stripslashes($password);
- $ni = mysql_real_escape_string($username);
- $ref = mysql_real_escape_string($password);
- $ni= mysql_real_escape_string( stripslashes( $_POST['ni'] ) );
- $ref= mysql_real_escape_string( stripslashes( $_POST['ref'] ) );
- $ni = stripslashes($username);
- $ref = stripslashes($password);
- $ni = stripslashes($ni);
- $ref = stripslashes($ref);
Add Comment
Please, Sign In to add comment