Do not display the name of the unit, what to do? The user has his own unit, this unit is found in the table with the password and login, how to pull it out from there?

User page:

<?php session_start(); echo "Добро пожаловать, ".$_SESSION['username']."!"; echo "Твой Бакуган, ".$_SESSION['bakugan']."!"; ?>

And login verification:

 <?php session_start(); $host = ""; $username = ""; $password = ""; $db_name = ""; $tbl_name = ""; mysql_connect($host, $username, $password) or die("can't connect"); mysql_select_db($db_name) or die(mysql_error()); $username = $_POST['username']; $password = $_POST['password']; $sql = "SELECT `username`,`bakugan` FROM $tbl_name WHERE username='$username' and password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count==1) { session_register("username"); session_register("password"); header("location:login_success.php"); $_SESSION['username'] = $username; $_SESSION['bakugan'] = $bakugan; } else{ echo "Неверный логин или Пароль"; }

PS knes, sorry the last stupid question)))

  • 2
    Attack of the clones? =) - knes
  • Nah, I changed my name)) - k0mar

1 answer 1

 <?php and password='$password'"; /* пароль в открытом виде хранится? О_о */ $_SESSION['bakugan'] = $bakugan; /* Переменная бакуган не задана. Вы извлекаете имя бакугана из БД, но не присваиваете какой-то левой переменной бакуган значения. Нехорошо. Правильно так:*/ if($count==1) { $userinfo = mysql_fetch_object($result); session_register("username"); session_register("password"); header("location:login_success.php"); $_SESSION['username'] = $userinfo->username; $_SESSION['bakugan'] = $userinfo->bakugan; } ?>