Syntax Login

9 06 2008

<?php
session_start();
$user = $_POST["user"];
$pass = $_POST["pass"];
include 'konek.php';
// Both queries place $user and $pass directly into the SQL string.
$cekadm = mysql_query("select * from admin where admin='$user' and pass='$pass'");
$cekmemb = mysql_query("select * from member where member='$user' and pass='$pass'");
if ((mysql_num_rows($cekadm)) == 1) {
    // Exactly one matching admin row: log in as admin.
    session_register('user');
    header("location:admin.php");
}
elseif ((mysql_num_rows($cekmemb)) == 1) {
    // Exactly one matching member row: log in as member.
    session_register('user');
    header("location:member.php");
}
else {
    // No match in either table: login failed.
    header("location:gagallogin.php");
}
?>


One response

9 06 2008
Angga Lingga

"$cekadm=mysql_query("select * from admin where admin='$user' and pass='$pass'");"

When checking the user, it would be better to use syntax like the following:

// strcmp() returns 0 when the two strings are equal.
if (strcmp($password, $row["password"]) == 0)
{
    doSuccess();
}
else
{
    echo('Password is not valid! Please try again!');
}

The reason is that if the username and password are put straight into the query, it could later allow SQL Injection.

Hope this helps 😀
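The approach the comment describes, as an added example that is not part of the original post or the comment: the user is looked up through a bound placeholder and the password is compared in PHP. It swaps strcmp() on a plain-text password for password_hash()/password_verify(), and assumes PDO with an in-memory SQLite database in place of the MySQL connection from konek.php; the account and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the database behind konek.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin  (admin  TEXT PRIMARY KEY, pass TEXT NOT NULL)');
$db->exec('CREATE TABLE member (member TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Constructed account. Only the password hash is stored.
$ins = $db->prepare('INSERT INTO member (member, pass) VALUES (?, ?)');
$ins->execute(['budi', password_hash('rahasia-contoh', PASSWORD_DEFAULT)]);

/**
 * Returns 'admin' or 'member' for a valid login, null otherwise.
 */
function checkLogin(PDO $db, string $user, string $pass): ?string
{
    // Table and column names come from this fixed list, never from the request.
    foreach (['admin' => 'admin', 'member' => 'member'] as $table => $col) {
        // The user name travels as a bound parameter, not as SQL text.
        $stmt = $db->prepare("SELECT pass FROM $table WHERE $col = ?");
        $stmt->execute([$user]);
        $hash = $stmt->fetchColumn();   // false when no row matches
        if ($hash !== false && password_verify($pass, $hash)) {
            return $table;
        }
    }
    return null;
}

// Constructed inputs: a valid login, a wrong password, and values containing
// quote characters, which the placeholder binds as plain data.
$attempts = [['budi', 'rahasia-contoh'], ['budi', 'salah'], ["bu'di", "x'y"]];
foreach ($attempts as [$u, $p]) {
    $role = checkLogin($db, $u, $p);
    $target = $role === null ? 'gagallogin.php' : "$role.php";
    printf("%-8s -> %s\n", $u, $target);
    // In the login page itself, on success:
    //   session_regenerate_id(true); $_SESSION['user'] = $u;
    //   header("Location: $target"); exit;
}
```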
