/**
 * Fetch one field from the submitted POST data.
 *
 * The value is passed through unescape_gpc(), which is defined elsewhere
 * (presumably it undoes magic-quotes slashing -- confirm). The result is raw
 * request input: it is not escaped for SQL or HTML, so every caller has to
 * escape it for the context it is used in.
 *
 * @param string $name    Key to look up in $_POST.
 * @param mixed  $default Returned when postSet($name) reports the key as absent.
 * @return mixed The unescaped POST value, or $default.
 */
function getPost($name, $default = NULL)
{
    return postSet($name)
        ? unescape_gpc($_POST[$name])
        : $default;
}
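<html> <?php
// Sign-up handler: connects to the database, checks that the requested
// username is free and inserts the new student_info row.
require_once 'studentdb.php';

// NOTE(review): no session_start() is visible on this page. Unless
// studentdb.php starts one, the $_SESSION write below is not persisted.
$db_server = mysql_connect($host, $username, $password);
if (!$db_server) {
    // NOTE(review): mysql_error() text is shown to the visitor here and below;
    // consider logging it and printing a generic message instead.
    die("Unable to connect to MySQL: " . mysql_error());
}
mysql_select_db($dbname) or die("Unable to select database: " . mysql_error());

if (postSet('user') && postSet('pass') && postSet('conf') && postSet('firstName') && postSet('lastName')) {
    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "1e3" and "1000") would count as matching passwords.
    if (getPost('pass') !== getPost('conf')) {
        echo "<p style=\"color: red;\">Passwords do not match.</p>";
    } else {
        $user = getPost('user');
        $pass = getPost('pass');
        $first = getPost('firstName');
        $last = getPost('lastName');

        // Request values must never be interpolated into SQL as-is. ext/mysql
        // has no prepared statements, so each value is escaped for this
        // connection; moving to mysqli or PDO with bound parameters is the
        // long-term fix (ext/mysql is removed in PHP 7).
        $userSql = mysql_real_escape_string($user, $db_server);
        $passSql = mysql_real_escape_string($pass, $db_server);
        $firstSql = mysql_real_escape_string($first, $db_server);
        $lastSql = mysql_real_escape_string($last, $db_server);

        $query = "select * from student_info where username=\"{$userSql}\";";
        $result = mysql_query($query, $db_server);
        // A failed lookup must not be treated as "username is free".
        $row = ($result === false) ? false : mysql_fetch_row($result);
        if ($result === false) {
            echo "<p style=\"color: red;\">Failed to sign up!</p>";
        } elseif (!$row) {
            // NOTE(review): the password is stored exactly as submitted
            // (plaintext). Storing a password_hash() value instead requires
            // changing the login check in the same step.
            $query = "insert into student_info values('{$userSql}','{$passSql}','{$firstSql}','{$lastSql}')";
            if (!mysql_query($query, $db_server)) {
                echo "<p style=\"color: red;\">Failed to sign up!</p>";
            } else {
                // The session keeps the raw username; only the SQL copies are escaped.
                $_SESSION['user'] = $user;
                ?>
                <script type="text/javascript"> window.location = "home.php"; </script>
                <?php
            }
            // The listing ends here with the enclosing blocks still open.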
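<?php
// Start the session before any markup is sent, so the session cookie header
// can still be emitted.
session_start();
?>
<html> <?php
// Login handler: looks the user up in student_info and, when the submitted
// password matches, records the username in the session.
require_once 'studentdb.php';

$db_server = mysql_connect($host, $username, $password);
if (!$db_server) {
    // NOTE(review): mysql_error() text is shown to the visitor here and below;
    // consider logging it and printing a generic message instead.
    die("Unable to connect to MySQL: " . mysql_error());
}
mysql_select_db($dbname) or die("Unable to select database: " . mysql_error());

if (postSet('username') && postSet('password')) {
    $user = getPost('username');
    $pass = getPost('password');

    // Request values must never be interpolated into SQL as-is. ext/mysql has
    // no prepared statements, so the value is escaped for this connection;
    // moving to mysqli or PDO with bound parameters is the long-term fix
    // (ext/mysql is removed in PHP 7).
    $userSql = mysql_real_escape_string($user, $db_server);
    $query = "select * from student_info where username=\"{$userSql}\";";
    $result = mysql_query($query, $db_server);
    if (!$result) {
        echo "<p style=\"color: red;\">Invalid username.</p>";
    } else {
        $row = mysql_fetch_row($result);
        // An unknown username yields no row and must be rejected explicitly:
        // with a loose != a missing row (null) compares equal to an empty
        // password. The strict comparison also rules out numeric-string
        // juggling between the stored and the submitted value.
        // NOTE(review): column 1 is presumably the password column, and it is
        // compared as plaintext; confirm the schema and move to
        // password_hash()/password_verify() together with the sign-up page.
        if (!$row || $row[1] !== $pass) {
            echo "<p style=\"color: red;\">Incorrect username or password.</p>";
        } else {
            // NOTE(review): the session id is not renewed on login. Calling
            // session_regenerate_id(true) here needs the check to run before
            // any output is sent.
            $_SESSION['user'] = $user;
            ?>
            <script type="text/javascript"> window.location = "home.php"; </script>
            <?php
        }
    }
}
$_POST['username'] = "";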