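<?php // best practice: always have <?php at the top

// Login handler: checks the posted e-mail/password pair against the `member`
// table and redirects to the member area (or to checkout when a product id
// was posted). Any failure redirects back to ../index.php.

// NOTE(review): the database credentials are hard-coded and use the MySQL
// root account. Load them from configuration kept outside the web root and
// connect with an account limited to the privileges this script needs.
$host = 'localhost';   // Host name
$username = 'root';    // MySQL username
$db_password = 'root'; // MySQL password (kept apart from the submitted password)
$db_name = 'account';  // Database name

$login_page = '../index.php';

// Username and password sent from the form. Both must be non-empty strings:
// a request can omit them or send arrays (email[]=...), which would otherwise
// raise notices or type errors further down.
$email = $_POST['email'] ?? null;
$submitted_password = $_POST['password'] ?? null;

if (!is_string($email) || $email === '' || !is_string($submitted_password) || $submitted_password === '') {
    header("Location: $login_page");
    exit();
}

// Report mysqli failures as exceptions so that a connection or query error is
// handled in one place instead of surfacing as a fatal error further down.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Connect to the server and select the database.
    $db = new mysqli($host, $username, $db_password, $db_name);

    // Prepared statement with bound parameters: the posted values are never
    // concatenated into the SQL text, which prevents SQL injection.
    // NOTE(review): the password is compared directly against the `password`
    // column, which implies that the column holds plaintext passwords. Store
    // password_hash() output instead, select the row by e-mail only, and
    // check it with password_verify().
    $statement = $db->prepare('SELECT 1 FROM `member` WHERE `email` = ? AND `password` = ?');
    $statement->bind_param('ss', $email, $submitted_password);
    $statement->execute();

    // A matching e-mail/password pair yields at least one row.
    $result = $statement->get_result();
    $authenticated = $result->num_rows > 0;

    $statement->close();
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side only; the client gets a bare 500.
    error_log('Login database error: ' . $e->getMessage());
    http_response_code(500);
    exit();
}

// NOTE(review): this script sets no session or other login state before
// redirecting. Presumably the pages under ../members/ enforce their own
// authentication check - confirm, since the redirect URL is built only from
// the e-mail address.
$prod_id = $_POST['prod_id'] ?? null;

if (!$authenticated) {
    $url = $login_page;
} elseif (!is_string($prod_id)) {
    // No usable product id was posted: go to the member's landing page.
    $url = '../members/' . urlencode($email) . '/index.php';
} else {
    $url = '../members/' . urlencode($email) . '/checkout.php?id=' . urlencode($prod_id);
}

header("Location: $url");
exit();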