<?phpob_start();$host = "lolhost";$db_name = "loldbname";$user = "lolu

1.  
2. <?php
3. ob_start();
4. $host = "lolhost";
5. $db_name = "loldbname";
6. $user = "loluser";
7. $password = "lolpassword";
8. $tbl_name="loltable"; // Table name
9.  
10. // Connect to server and select databse.
11. mysql_connect("$host", "$user", "$password")or die("cannot connect");
12. mysql_select_db("$db_name")or die("cannot select DB");
13.  
14. // Define $myusername and $mypassword
15. $myusername=$_POST['myusername'];
16. $mypassword=$_POST['mypassword'];
17.  
18.  
19. // To protect MySQL injection (more detail about MySQL injection)
20. $myusername = stripslashes($myusername);
21. $mypassword = stripslashes($mypassword);
22. $myusername = mysql_real_escape_string($myusername);
23. $mypassword = mysql_real_escape_string($mypassword);
24.  
25. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
26. $result=mysql_query($sql);
27.  
28. // Mysql_num_row is counting table row
29. $count=mysql_num_rows($result);
30. // If result matched $myusername and $mypassword, table row must be 1 row
31.  
32. if($count==1){
33. // Register $myusername, $mypassword and redirect to file "login_success.php"
34. session_register("myusername");
35. session_register("mypassword");
36. session_register();
37. header("location:login_success.php");
38. }
39. else {
40. echo "Invalid username or password";
41. }
42.  
43. ob_end_flush();
44. ?>