
I need a simple PHP login form with SQL Express. I am using SQL Express 2012.

I tried the code below:

```php
<?php include 'connection.php'; ?>
<?php
session_start();
$username = $password = $userError = $passError = $database = '';
if (isset($_POST['username']) and isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $sql = "SELECT * FROM uinfo WHERE username='$username' and store='$password'";

    $stmt = sqlsrv_query($conn, $sql);
    if ($stmt === false) {
        die(print_r(sqlsrv_errors(), true));
    }
}
?>
```
Donald Duck
Scorpion_RJ
  • Could you supply the HTML that goes with it? And also what errors did you see? – Nick Fallows Feb 27 '17 at 17:11
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Feb 27 '17 at 17:33
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Feb 27 '17 at 17:33
  • Thanks for advising... actually I'm new to PHP and this is a test script. Will take care of this in future. Thanks – Scorpion_RJ Feb 27 '17 at 17:45
  • You should add not only what you tried, but also what happened.... – Nanne Feb 28 '17 at 13:28
  • there's no actual question here....or a problem description...or anything much that's useful, really. – ADyson Feb 28 '17 at 14:23

0 Answers
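The two points raised in the comments (parameterized queries and hashed passwords) applied to the question's script, as an added example that is not part of the original thread. It assumes `connection.php` defines `$conn` via `sqlsrv_connect()`, that the `store` column of `uinfo` holds `password_hash()` output rather than the plain password, and that `welcome.php` is a hypothetical landing page.

```php
<?php
// Added example, not the asker's code. Assumes connection.php defines $conn
// (a sqlsrv_connect() resource) and that uinfo.store holds password_hash() output.
include 'connection.php';
session_start();

$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])) {

    // "?" placeholder: the username travels as a bound parameter,
    // never as part of the SQL text.
    $sql  = "SELECT username, store FROM uinfo WHERE username = ?";
    $stmt = sqlsrv_query($conn, $sql, array($_POST['username']));

    if ($stmt === false) {
        // Log driver errors server-side instead of printing them to the client.
        error_log(print_r(sqlsrv_errors(), true));
        http_response_code(500);
        exit('Login is temporarily unavailable.');
    }

    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
    sqlsrv_free_stmt($stmt);

    // Compare the submitted password, unmodified, against the stored hash.
    if (is_array($row) && password_verify($_POST['password'], $row['store'])) {
        session_regenerate_id(true);     // new session id after login
        $_SESSION['username'] = $row['username'];
        header('Location: welcome.php'); // hypothetical landing page
        exit;
    }

    // Same message for unknown user and wrong password.
    $error = 'Invalid username or password.';
}
?>
<form method="post">
    <input type="text" name="username" required>
    <input type="password" name="password" required>
    <button type="submit">Log in</button>
    <?php if ($error !== '') { echo '<p>' . htmlspecialchars($error) . '</p>'; } ?>
</form>
```

When the account is created, the value written to `store` would come from `password_hash($password, PASSWORD_DEFAULT)`, inserted through the same kind of parameterized `sqlsrv_query()` call.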