In your script there is only one thing that decides
to redirect, and that is this line:
if($userid != "" and $password != "")
No matter what happens in the database, if this line is true, you are redirected.
Think about exactly what needs to be true before you redirect.
If your username and password must be in the database,
you should check to see if they exist, and the redirection should depend on that.
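$u = mysql_real_escape_string($userid);
$p = mysql_real_escape_string($password);
$result = mysql_query("select * from table where username='$u' and password='$p'");
# mysql_query() returns a result even when no row matches, so count the rows
if ($result && mysql_num_rows($result) > 0)
{
    # yes they exist
}
else
{
    # no they do not exist
}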
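
The check described in the post above, as an added example that is not part of the original post: the redirect decision comes only from whether the submitted credentials match a stored row. It goes a step further than the post by using a PDO prepared statement and `password_hash()`/`password_verify()` instead of comparing plain passwords. The `users` table, its columns, the sample accounts and `members.php` are assumptions made for the example.

```php
<?php
// Added example. Table `users`, its columns and the target page are assumptions.

function credentials_valid(PDO $db, string $userid, string $password): bool
{
    if ($userid === '' || $password === '') {
        return false;                    // filled-in fields alone prove nothing
    }
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$userid]);
    $hash = $stmt->fetchColumn();        // false when no row matched
    // An unknown user and a wrong password fail the same way.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed requests: the second and third pass the "both fields are
// non-empty" test from the original script but must not be redirected.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['bob',   'anything'],
    ['',      ''],
];
foreach ($attempts as [$userid, $password]) {
    $ok = credentials_valid($db, $userid, $password);
    printf("%-8s => %s\n",
        $userid === '' ? '(empty)' : $userid,
        $ok ? 'redirect' : 'stay on login form');
}

// In the login script itself the redirect hangs on the same result:
//   if (credentials_valid($db, $userid, $password)) {
//       header('Location: members.php');   // hypothetical page name
//       exit;
//   }
```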