Hi all,
The following script works fine by allowing me to set a session variable with the users password, but i can seem to extract other information that isnt included in the $_POST.
I know usually i would use something like
while ($row = mysql_fetch_array($sql))
{
$user_type = $row['user_type'];
}
but when i do i just get a blank screen when submitting.
This is the code that works (without the bit above).
// username and password sent from form
$user_email=$_POST['user_email'];
$user_password=$_POST['user_password'];
// To protect MySQL injection (more detail about MySQL injection)
$user_email = stripslashes($user_email);
$user_password = stripslashes($user_password);
$user_email = mysql_real_escape_string($user_email);
$user_password = mysql_real_escape_string($user_password);
echo $sql="SELECT * FROM $tbl_name WHERE user_email='$user_email' and user_password='$user_password'";
$result=mysql_query($sql);
///////////////////I PUT THE WHILE IN HERE////////////////////
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['user_email'] = $user_email;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
Am i putting it in the wrong place?