Corrected versions as I see 'em below:
Code:<?PHP // Always use <?PHP to open tags, there's a reason PEAR compliance requires it. $user = "XXXXX"; $pass = "XXXXX"; $db = "XXXXXX"; $myserver = "XXXXX"; $connect = mysql_connect($myserver, $user, $pass) or die("Connect"); $select_db = mysql_select_db($db) or die("DB Selection"); ?>Personally, I've long been a fan of PEAR::DB both for portability across backends, as well as its error handling. There are other steps I would personally take here to ensure that the data is being sanitized, but I've covered that here before. :)Code:<?PHP session_start(); include "inc/connect.php"; if ( !empty($_POST['username']) && !empty($_POST['password']) ) { $username = $_POST['username']; $password = md5($_POST['password']; $username = htmlspecialchars($username); $username = stripslashes($username); $query = "SELECT * FROM tblUsers WHERE userName = '".$username."' AND userPassword = '".$password."'"; $result = mysql_query($query); $numResult = mysql_num_rows($result); if ( $numResult == 1) { $userInfo = mysql_fetch_array($result); $_SESSION['sessionID'] = $userInfo['userID']; header("Location: http://www.xxx.ca/next.php"); exit; } } else { header("Location: http://www.xxx.ca/index.php"); exit; } ?> If you can read this, PHP is not being parsed correctly.
Reply With Quote