-1
//Connect to mysql server
//Sanitize the POST values
$login =($_POST['user']);
$password =($_POST['password']);
if($login!="" && $password!=""){
//Create query
$qry="SELECT * FROM customerinfo WHERE Username='$login' AND Password='$password'";
$result=mysql_query("SELECT * from customerinfo where Username='$login' and Password='$password' And Status <> 'Deactivated'");
$row=mysql_fetch_array($result);
$count=mysql_num_rows($result);
if($count==1){
session_start();
($_SESSION['CustomerID']=$row['CustomerID']);
//////////delete all in cart
$del=mysql_query("delete from customercart");
echo '<meta http-equiv="refresh" content="1; url=index.php">';
echo'<font style="color:green">Login successfully. <a href="index.php">click here</a> if not redirected.</font>';
} Else{ echo'Password or wrong user! Need help ? has no kk'; } } Else{ echo'Input username and password!'; }
?></body
The error of this line as parameter error...
$result=mysql_query("SELECT * from customerinfo Where Username='$login' and Password='$password' And Status <> 'Deactivated'");
There are several errors in your code, first the variables are not "Sanitize", can occur sqlinjection, second, the API (functions) with prefix
mysql_are obsolete and have been removed in php7 onwards, one should use the newer prefixed APImysqli_. Third, we cannot reproduce your code, to formulate a question that people can help you is necessary to formulate a [mcve] (READ the link). Thank you for understanding.– Guilherme Nascimento