I have this codes:
login.php
<div id="loginbox">
<table>
<form action="proses.php" method="POST">
<tr>
<td>Login:</td>
<td><input size="30px" type="text" name="username" value=""/></td>
</tr>
<tr>
<td>Password:</td>
<td><input size="30px" type="password" name="password" value=""/></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="OK"></td>
</tr>
</form>
</table>
</div>
proses.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$database = "rustoleum";
mysql_connect($servername, $username, $password) or die("Not connected");
mysql_select_db($database) or die("Not connected to the database");
/* the files */
// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM user WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo $count;
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
I wonder why the result is:
0Wrong Username or Password
I already type the username and password exactly as written in the database.