Just add this simple code to your admin system :)
$username=addslashes(trim($_POST['username']));
Or:
$username=addslashes(md5($_POST['username']));
Example:
<?php
session_start(); include "connection_db.php";
// mysql_* functions need PHP 5; the extension was removed in PHP 7.
// Escape both inputs: an unescaped password would leave the query injectable.
$username = addslashes(trim($_POST['username']));
$pass = addslashes($_POST['password']);
$sql = mysql_query("SELECT * FROM user,kat_user WHERE username = '$username' AND password = '$pass' AND user.id_katuser = kat_user.id_katuser");
$data = mysql_fetch_array($sql);
$hasil = mysql_num_rows($sql);
if ($hasil > 0) {
    $_SESSION['username'] = $data['username'];
    $_SESSION['nama_user'] = $data['nama_user'];
    $_SESSION['id_katuser'] = $data['id_katuser'];
    $_SESSION['id_user'] = $data['id_user'];
    $_SESSION['nama_katuser'] = $data['nama_katuser'];
    header('Location: ../menu.php?module=dashboard'); exit;
} else { header('Location: ../index.php'); exit; }
?>
What is addslashes? Here :)