Error in php if, login authentication system

Question

Error in php if, login authentication system

Asked 6 years, 7 months ago

Viewed 215 times

1

Hello, then, I’m trying to make a simple login system with php and mysql, but it’s giving error in my if. I’ve moved... too much and nothing, when it seems right it does not authenticate you put any password q or login name and go. This is my code:

<?php 
$login = $_POST['nomel'];
 $senha = $_POST['senha'];


 include 'conexao.php';

 $busca = mysql_query("SELECT * from usuario where nm_login = '$login'");

 $reg = mysql_fetch_assoc($busca);

 if 
    ($login == $reg ['nm_login']) && ($senha == $reg ['nm_senha']) {
    # code...
    header("location: test.html");
 }
 else{
    echo "<center><b>Login Incorreto!</center>";
 }
 ?>

And this is the error message:

Parse error: syntax error, Unexpected '&' (T_BOOLEAN_AND) in E: IMPORTANT Usbwebserver V8.6 root NK authenticationLogin.php on line 13*

In this post, you find a registration and login system made using PHP PDO, well explained. http://maclaine.meximas.com/post/post.php?id=40

– Maclaine

2018/09/25 at 17:38

2 answers

Browser other questions tagged php mysql login if

You are not signed in. Login or sign up in order to post.

by Isac • **24,736** points · Answer 1 · 2017-11-08T23:15:34+00:00

There were some parentheses missing from if that has in the code, this:

if ($login == $reg ['nm_login']) && ($senha == $reg ['nm_senha']) {

Has a parenthesis for each comparison of if but there is not one that covers all the comparison.

See a simplified example of the Ideone error

You can do it like this:

if (($login == $reg ['nm_login']) && ($senha == $reg ['nm_senha'])) {
//-^--------------------------------------------------------------^

Or simplify and use only one parenthesis for the if whole:

if ($login == $reg ['nm_login'] && $senha == $reg ['nm_senha']) {

I strongly advise updating database functions to mysqli since mysql versions have been discontinued and no longer exist since php version 7.

You should also consider handling the input received in $login and $senha or use Prepared statements, because as has the code at the moment is susceptible to attacks from mysql Injection

by Romeu Gomes - Brasap • **119** points · Answer 2 · 2020-05-01T04:21:19+00:00

I believe that the code is more for didactic purposes, if as the colleague above said, he is facing attacks not only of SQL Injection. But for comparison, use the SQL search already returning only the user who has LOGIN AND PASSWORD already validated.

$busca = mysql_query("SELECT * from usuario where nm_login = '$login' and nm_senha='$senha'");

then just check if the query returned any results or empty....