I want to do checking for my login form.
if(isset($_POST['SUBMIT']))
{
if($_POST['SUBMIT']=='Sign In')
{
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch']) {
$username = addslashes($_POST['username']);
$password = addslashes($_POST['password']);
$txtbranch = addslashes($_POST['txtbranch']);
echo $txtbranch;
$query_callbranch=mysql_query("SELECT * FROM branch WHERE BRANCHID='$txtbranch' ")or die(mysql_error());
while($rowcallbranch=mysql_fetch_array($query_callbranch)){
$txtbranchname = $rowcallbranch['branchname'];
$txtbranchid = $rowcallbranch['branchid'];
echo $txtbranchname;
echo $txtbranchid;
$hash_pass = $password;
$query = mysql_query("select * from sysfile where username='".$username."', password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysql_num_rows($query);
if($count_user==1){
$row = mysql_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
}else{
$error = 'Error Username and Password.';
}
}
}
}
}
Will there be any error if I write like this?