Validating Page: Error message

  • phpmagesh
    New Member
    • Nov 2008
    • 119

    Validating Page: Error message

    Hi

    I am creating a login page with validation.

    I have an index.php page with a login box; to validate the login details I'm redirecting to login_validate.php.

    login_validate.php file code:
    Code:
    <?php

    include ("config/config.php");
    $dbtable = "users";
    $resultvalue = 0;
    // Raw form input, used unescaped in the query below.
    $username = $_POST['usr_name'];
    $password = $_POST['usr_pass'];

    // Look up a row matching the submitted user name and password.
    $result = mysql_query("SELECT * FROM $dbtable where user_name = '".$username."' and password = '".$password."'");
    $resultvalue = mysql_num_rows($result);
    if($resultvalue>0)
    {
        // Match found: send the browser to the home page.
        echo "<script>window.location='home.php'</script>";
    }
    else
    {
        echo "****************** Alertbox [error msg]**************";
        //echo "<script>window.location='error.php'</script>";
    }
    mysql_close();
    ?>
    Now what I want to do is display an alert box if the user details are not correct.

    Can someone help me with how to display an alert box in that echo field, please? I tried JavaScript, but there was an error in that.

    Regards
    magesh
  • djpaul
    New Member
    • Oct 2006
    • 137

    #2
    Hello phpmagesh.
    As far as I know you can do it with JavaScript.
    [code=html]
    <script language="javascript">alert("wrong login attempt!");</script>[/code]

    Good luck!

    P.S. You had better change this ($username = $_POST['usr_name'];) to[code=php]
    $username = strip_tags(mysql_real_escape_string($_POST['usr_name']));[/code]

    It's much safer for your database!

    Regards!
    paul
    Last edited by pbmods; Dec 31 '08, 02:00 AM. Reason: Added CODE tags.


    • phpmagesh
      New Member
      • Nov 2008
      • 119

      #3
      Originally posted by djpaul
      Hello phpmagesh.
      As far as I know you can do it with JavaScript.

      <script language="javascript">alert("wrong login attempt!");</script>

      Good luck!

      P.S. You had better change this ($username = $_POST['usr_name'];) to
      $username = strip_tags(mysql_real_escape_string($_POST['usr_name']));

      It's much safer for your database!

      Regards!
      paul

      Hi,

      Thanks for your kind help.

      Can you tell me the actual difference in this code, please, since I don't know about that so far:

      ($username = $_POST['usr_name'];) to

      $username = strip_tags(mysql_real_escape_string($_POST['usr_name']));

      Thanks in advance,

      Regards
      magesh


      • djpaul
        New Member
        • Oct 2006
        • 137

        #4
        Hey phpmagesh,
        These are functions from PHP.
        I always use the manual, which you can download from their site.
        These are 2 functions to clean up the mess which a bad user can insert into your database and hack you.
        Try Google on mysql_real_escape_string and strip_tags.

        Watch your security, it's very important!
        Maybe it helps if you read about SQL injection and that kind of stuff.

        Good luck!
        Paul


        • phpmagesh
          New Member
          • Nov 2008
          • 119

          #5
          Originally posted by djpaul
          Hey phpmagesh,
          These are functions from PHP.
          I always use the manual, which you can download from their site.
          These are 2 functions to clean up the mess which a bad user can insert into your database and hack you.
          Try Google on mysql_real_escape_string and strip_tags.

          Watch your security, it's very important!
          Maybe it helps if you read about SQL injection and that kind of stuff.

          Good luck!
          Paul
          Hi djpaul,

          Thank you for your kind information; this message about SQL injection will be useful for me. If possible, can you tell me some sites where I can get details similar to this, since I'm creating a dynamic website? Security is more important for me in my site.

          Again thank you so much,

          Regards
          magesh


          • djpaul
            New Member
            • Oct 2006
            • 137

            #6
            Hmm, we have a magic word for it: Google!
            Just type in: sql injection php and you will find a lot of information about it.
            I have a PDF which explains it, but it's in Dutch, so I think you can't read it... :)
            Maybe you recognize the code, but that's not enough I think.

            But as far as I know there are more of these PDFs around the internet.
            Try to look around; if you are not sure if it's safe you can always ask here.
            Some people helped me too a while ago, so now I help you and other people!

            Good luck!
            Paul


            • Atli
              Recognized Expert
              • Nov 2006
              • 5062

              #7
              Hi.

              For the record, the manual is also available online.
              (See strip_tags and mysql_real_escape_string)

              You can also read about SQL Injection in the manual.
              PHP: SQL Injection - Manual
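
An added example (not code from any poster in this thread) showing why the concatenated query in login_validate.php is fragile and how binding the input as a parameter avoids the problem. It swaps the thread's mysql_* escaping for PDO prepared statements and password_hash(), and assumes the PDO SQLite driver is installed; the sample account and the function names are constructed for illustration.

```php
<?php
// Added example, not from the thread. Uses PDO with an in-memory SQLite
// database so it runs offline; table/column names follow the original post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_name TEXT PRIMARY KEY, password TEXT)");

// Constructed sample account; the password is stored as a hash, not plain text.
$ins = $db->prepare("INSERT INTO users (user_name, password) VALUES (?, ?)");
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// "Before": the input is pasted into the SQL text, as in login_validate.php.
function login_concat(PDO $db, string $user): string
{
    try {
        $sql = "SELECT * FROM users WHERE user_name = '" . $user . "'";
        $db->query($sql)->fetchAll();
        return 'query ran';
    } catch (PDOException $e) {
        // The quote in the name ended the string literal early, so the
        // database parsed the rest of the input as SQL.
        return 'query broke: input was parsed as SQL';
    }
}

// "After": the statement is fixed up front and the input is bound as data.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare("SELECT password FROM users WHERE user_name = ?");
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() compares the submitted password with the stored hash.
    return $hash !== false && password_verify($pass, $hash);
}

echo login_concat($db, "o'brien"), "\n";
var_dump(login_prepared($db, "o'brien", 'correct horse')); // correct password
var_dump(login_prepared($db, "o'brien", 'wrong'));         // wrong password

// On a failed login, emit the alert box the original post asked for.
if (!login_prepared($db, "o'brien", 'wrong')) {
    echo '<script>alert(' . json_encode('Wrong login attempt!') . ');</script>', "\n";
}
```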
