You will want to talk to a security expert when dealing with site security, that's a bit beyond the scope of these forums. StackOverflow<http://stackoverflow.com/>is likely to give you better advice on this. I can say, however, that your handling of the mysql login is unsecure, as it exposes you to SQL injection attacks (imagine what would happen if someone logged in with the username ""; DROP TABLE users;", see http://xkcd.com/327/ for an amusing take on the idea).
If you are just looking for a way to keep the login data intact, then you can use PHP's $_SESSION <http://www.php.net/manual/en/book.session.php>variable to store data across pages for the duration of the session. On Monday, April 15, 2013 11:41:17 AM UTC-4, elizerbertling wrote: > > thanks for your response, so now i have goo2.php and STPD.html > now i'm trying to have users log in function(*users.php)* in my project, > user can view task own department after enter their own username and > password, > How to link between users.php and STPD.html. > Sorry For My Bad English ><'' > > *Users table* > *id | username | password |* > * 1 AAA 111* > * 2 BBB 222* > * 3 CCC 333* > * 4 DDD 444* > * > * > *STPD Table* > *id | Department | number_worker* > * 1 X 16* > * 2 Y** 10* > * 3 Y** 15* > * 4 Z** 20** * > * > * > * > * > *users.php* > <?php > $host ="localhost"; > $user ="root"; > $pass = ""; > $db = "ecom"; > > mysql_connect($host, $user, $pass); > mysql_select_db($db); > > if (isset($_POST['username'])){ > $username = $_POST['username']; > $password = $_POST['password']; > $sql="SELECT * FROM users WHERE username='".$username."' and > password='".$password."' LIMIT 1"; > $result = mysql_query($sql); > > if (mysql_num_rows($result)==1){ > header("location:STPD.html"); > exit(); > }else{ > echo "Invalid login information. Please return to the previous page."; > exit(); > } > } > ?> > <html> > <head> > <title>Main Login Page</title> > </head> > <body> > <form method="post" action="users.php"> > Username:<input types="text" name="username" ><br /> > Password:<input types="text" name="password" ><br /> > <input type="submit" name="submit" value="Log In" /> > </form> > </body> > </html> > -- You received this message because you are subscribed to the Google Groups "Google Visualization API" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-visualization-api?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
