Mencarta

So: <?php require("dbconnect.php"); //Database Connection Script //The Username & Password Sent From Form $username = $_POST['username']; $password = $_POST['password']; // To Protect Against MySql Injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $result = sprintf("SELECT * FROM 'users' WHERE username='%s' AND password='%s'",$username,$password); // Mysql_num_row is counting table row $count = @mysql_num_rows($result); // If result matched $username and $

I don't have a link to my website...In fact, you could help me with my website. Look in the PHP section.

I have a PHP login system. The database,table, and username + password exists. Yet I keep getting this error:Warning: Wrong parameter count for mysql_query() in /www/zzl.org/s/t/o/stockgame/htdocs/login.php on line 14 Wrong Username and/or Password. Can you help me? <?php require("dbconnect.php"); //Database Connection Script //The Username & Password Sent From Form $username = $_POST['username']; $password = $_POST['password']; // To Protect Against MySql Injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username)

I suppose the main site also tells you to use stripslashes()?

Just a friendly reminder here. If you are making a login system make sure you use: mysql_real_escape_string. This adds a '\' to characters like: ' and ". This prevents people like me from doing this on your password form: ' or 1=1. This closes off the password string and inserts a statement called "OR 1=1". If that happens it will satify the condition because 1 always equals 1. It could also be used to delete your database. Just a friendly reminder. Keep your code secure.