2 Replies Latest reply: Nov 27, 2010 8:48 PM by Fumph RSS

    Echo Link not working

    Fumph Community Member

      On my page I have the option to sign up. When you sign up it automatically creates a PHP cookie saying your logged in. And it changes the header script to say log out. but when I click log out it goes straight to my hosting website. It doesn't display an error so I think my link is bad but I don't see anything wrong here's my code on the sign up page:

       

      <?php

      $con = mysql_connect([login details deleted by moderator]);
      if (!$con)
        {
        die('Could not connect: ' . mysql_error());
        }
      mysql_select_db([deleted by moderator], $con);

      $sql="INSERT INTO accounts (username, email, password)
      VALUES
      ('$_POST[newUser]','$_POST[newEmail]','$_POST[newPass]')";

      if (!mysql_query($sql,$con))
        {
        die('Error: ' . mysql_error());
        }
      echo "Account Added!";

      setcookie("user_logged_in", "<a href='../index.html'>Home</a> | <a href='../log_out.php'>Log Out</a> | You are logged in!", time()+3600);

      </php>

       

      And when you click Log Out its supposed to go to "log_out.php" but it doesn't! Does anyone know how I could fix this problem?

        • 1. Re: Echo Link not working
          David_Powers CommunityMVP

          First of all, you should never, ever post the login details of your database in a public forum. It's an open invitation to be hacked.

           

          Secondly, your code after echoing "Account added!" doesn't make any sense. To start with, you can't call setcookie() after sending output to the browser (with echo, for example). Secondly, you're storing the links in the cookie. You should just store something like the user's logged in status. Finally, you're using </php> to close the PHP block.

           

          The other problem with your code is that you're inserting user input directly into your database without sanitizing it. This lays you open to the dangers of SQL injection.

           

          You should pass all $_POST variables to mysql_real_escape_string() before using them in a SQL query.

           

          Take a look at the PHP manual for mysql_real_escape_string() and setcookie().

          • 2. Re: Echo Link not working
            Fumph Community Member

            Oh my goshh! sorry completly forgot about those details! Sorry, but thank

            you I fixed it!