2009/1/20 Chris Carter <chandan9sha...@yahoo.com>: > > Hi, > > My code is not giving error but not doing the desired action. > But it can do a lot more than your desired action.
> // insert new entry in the database if entry submitted > > $emailAddress = $_POST['emailAddress']; > $password = $_POST['password']; > $sql5 = "SELECT * FROM userstable WHERE > emailAddress='$emailAddress' AND > password = '$password'"; > $result5=mysql_query($sql5); Do yourself a favor and read this from A to Z: http://de3.php.net/manual/en/security.php Imagine I send the String: x' OR id=1/* What would the mysql read now? SELECT * FROM userstable WHERE emailAddress='x' OR id=1/*' AND ... everything after "/*" is not being parsed. > header("location:you-need-to-register.php"); correct would be header("location: http://foo/you-need-to-register.php";); > What exactly am I missing. http://php.net/docs.php Byebye -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
