login script trouble ?

developer

Hello!

I have this pass word validatation, but if a user hits submit without enter any username or password he/she is forwardet to the protected pages anyway. 🙁

<?php

$dbh=mysql_connect ("localhost", "idealgr_aris", "mastoras") or die ('I cannot connect to the database because: ' . mysql_error()); 
mysql_select_db ("idealgr_orders");

$Query = "SELECT * FROM members WHERE username='$username' && password='$password'" or die (mysql_error());


$Result = mysql_db_query ("idealgr_orders", $Query, $dbh) or die (mysql_error());

if($row=mysql_fetch_array($Result))
		{
		setcookie("userstatus", "inside");
		setcookie("idnumber", "$row[id]");
		header ("Location: user.php");
		mysql_close($dbh); 
}else{
?>

<A HREF="userlogin.html">ËÜèïò username Þ password. ÐñïóðáèÞóôå ðÜëé.</A>


<?php
}
?>

LordShryku

Using "and" in SQL is actually the word AND, not &&. Also, using or die() on your $Query variable isn't doing any good, becuase it is just a string. And the query function is mysql_query, not mysql_db_query, so...

// Change

$Query = "SELECT * FROM members WHERE username='$username' && password='$password'" or die (mysql_error()); 
$Result = mysql_db_query ("idealgr_orders", $Query, $dbh) or die (mysql_error()); 

// To

$Query = "SELECT * FROM members 
          WHERE username='".$username."'
          AND password='".$password."'";
$Result = mysql_query($Query) or die("ERROR: ".mysql_error());

developer

Thanks for the help.