Open FirdousBhat opened 7 years ago
deprecated SQL code used
modified code
$username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = $mysqli->escape_string($_POST['username']); $password = $mysqli->escape_string($_POST['password']); $_SESSION['login_username']=$username; $sql = "SELECT usertype FROM users WHERE userid='$username' and password='$password'"; $result = mysqli_query($mysqli); $count = mysqli_num_rows($result); $type = mysqli_fetch_array($result); $control = $type['usertype'];
pls update the code