By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,670 Members | 1,554 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,670 IT Pros & Developers. It's quick & easy.

Validating Page: Eror message

P: 119

I am creating login page with validation.

i have index.php page with login box, for validating this login detail i m redirecting to login_validate.php.

Login_validate.php file code:
Expand|Select|Wrap|Line Numbers
  1. <?php 
  3. include ("config/config.php");
  4. $dbtable = "users";
  5. $resultvalue =0;
  6. $username = $_POST['usr_name'];
  7. $password = $_POST['usr_pass'];
  10. $result = mysql_query("SELECT * FROM $dbtable where user_name = '".$username."' and password = '".$password."'");
  11. $resultvalue = mysql_num_rows($result);
  12. $result;
  13. if($resultvalue>0)
  14. {
  15.  echo "<script>window.location='home.php'</script>";
  16. }
  17. else
  18. {
  19. echo "****************** Alertbox [error msg]**************";
  20. //echo "<script>window.location='error.php'</script>";
  21. }
  22. mysql_close();
  23. ?>
now what i want to do is i want to display alert box if the user detail is not true,

Can some one help me how to display alert box in that echo field please, i tried java script but, error in that.

Dec 30 '08 #1
Share this Question
Share on Google+
6 Replies

P: 137
Hello phpmagesh.
as far as i know you can do it with javascript.
Expand|Select|Wrap|Line Numbers
  1. <Script language="javascript">alert("wrong login attempt!");</script>
Good luck!

P.s. you better change this ($username = $_POST['usr_name'];) to
Expand|Select|Wrap|Line Numbers
  1. $username = strip_tags(mysql_real_escape_string($_POST['usr_name']));
It's much saver for your database!

Dec 30 '08 #2

P: 119


thanks for your knid help,

Can you tell me the actual difference for this code please, since i dont know about that so far,

($username = $_POST['usr_name'];) to

$username = strip_tags(mysql_real_escape_string($_POST['usr_name']));

Thanks in advance,

Dec 30 '08 #3

P: 137
Hey phpmagesh,
These are functions from php.
I always use the manual wich you can download from there site.
These are 2 functions to clean up the mess wich a bad user can insert into your database and hack you.
Try google on mysql_real_escape_string and strip_tags.

Watch your security, it's very important!
Maybe it helps if you read about sql injection and that kind of stuff.

Good luck!
Dec 30 '08 #4

P: 119
Hi djpaul,

Thank you for your kind information, this will be useful message for me about the sql injection. if possible can you tell me some sites where i can get this details similar to this since i m creating a dynamic website, Security is more important for me in my site.

Again thank you so much,

Dec 30 '08 #5

P: 137
Hmm, we have a magic word for it: Google!
Just type in: sql injection php and you find a lot of information about it.
I have an pdf who explains it but it's in dutch, so i think you can't read it... :)
Maybe you recognize the code's but that's not enough i think.

But as far as i know there are more of these pdf's arround the internet.
Try to look arround, if you are not shure if it's save you always can ask it here.
Some people helped me to a while ago, so now i help you and other people!

Good luck!
Dec 30 '08 #6

Expert 5K+
P: 5,058

For the record, the manual is also available online.
(See strip_tags and mysql_real_escape_string)

You can also read about SQL Injection in the manual.
PHP: SQL Injection - Manual
Dec 30 '08 #7

Post your reply

Sign in to post your reply or Sign up for a free account.