[RESOLVED] sprintf+real escape string

Musclebundt

Hi all!

I'm have used all day to get this working..

<?php
  ob_start();
  session_start();

$db = mysql_connect("localhost", "*****", "******"); 
mysql_select_db("*****" , $db );


if($_SESSION['accesslevel']=='admin'){
	echo "Some text";
}else{


$username = $_POST['username'];
$password = $_POST['password'];
$pwd_md5 = md5($password);

$query = sprintf("SELECT username, password, accesslevel FROM usersystem WHERE username='%s' AND password='%s' LIMIT 1",
mysql_real_escape_string($username),
mysql_real_escape_string($pwd_md5));

$res = mysql_query($query);


if(mysql_num_rows($res)==1)
{
$row = mysql_fetch_array($res);
$_SESSION['accesslevel'] = $row['accesslevel'];
$_SESSION['username'] = $row['username'];
$_SESSION['projectname'] = $row['projectname'];
"Location: index.php?p=login");
}
else
{
	exit("blablabla.");

}
}
?>

I could really use your help!

laserlight

How does it not work?

Musclebundt

Bah I just found the embarrassing error 🙂

I must have deleted some of this line by mistake: "Location: index.php?p=login");

obviously that should be: header("Location: index.php?p=login");

It all works now, thanks anyway 🙂