Lol you did way too much work. Just take away the while loop and when you make the $password variable at the very top, encrypt it to md5 there and then check the passwords in the MySQL query.

the way you check the password is very dangerous anyway. if you use sqlinjection on the username so you get all the table as result, you could try the password with every table's tuples!. username is unique, so why why the "while loop" and not just an if statement?

can someone help me with this coding? it gives me an Parse error: syntax error, unexpected T_ELSE on line 40 the coding is if ($loggedin == TRUE) { if ($rememberme=="on") setcookie("username", $username, time()+7200); else if ($rememberme == "") $_SESSION['username']='$userna­me'; { header("Location:welcome.php")­; exit() else header("Location incorrect.php") } }

why did you not use mysql_num_rows instead of while then loop the data then execute a statement???hehhe just asking :)

php academy thanks for all that you do for us , i think that you should team up with phpclass , many thanks

From Brazil

(P.S. I Think You Should Really Consider It)

HI mate , thank you , I am a novice php programmer , and this trick of sql injection I didn't know ,

A lot of webpage that I've seen , shows the script '$username' AND '$password' , witch is vulnerable. So , I think we must take care about the examples of codes over the internet , many of them can be vulnerable.

Many thanks from Brazil

I keep getting:

Notice: Undefined variable: username in = index p h p on line 19

Which is basicly:

($username&&$password)

@Jagatia i do all right but still there is inocorrect password combination error :@

Alex U r gre88888888 thanks for posting

nice im going to learn this soon on school.. ;D

nice one

thanks for these great tutorials

Nice tut Alex!

many thanks!

You're 100% welcome!

@phpacademy MY page is given incorrect password even i write the right one

@phpacademy please help me buddy