Hey its my first programming experiences and i really need help, (creating login system), the code:
<?php
if ($_POST['submit']) {
if (!$_POST['email']) $error.="Please enter your email";
else if (!filter_var[$_POST['email']. FILTER_VALIDATE_EMAIL]) $error.="Please enter a valid email address";
if (!$_POST['password']) $error.="<br />Please enter your password";
else {
if (strlen($_POST['password'])<8) $error.="<br />Please enter a password with at least 8 characters";
if (preg_match('`[A-Z]`'.$_POST['password'])) $error.="<br />Please include at least one capital letter in your password";
}
if ($error) echo "There were error(s) in your signup details:".$error;
else {
$link = mysqli_connect("localhost", "usr", "pswrd", "database");
$query="SELECT = FROM users WHERE email='" .$_POST['email'].";
$result = mysqli_query($link, $query);
echo $results = mysqli_num_rows($result);
}
}
?>
<form method='post'>
<input type='email' name=email' id='email' />
<input type='password' name='password' />
<input type='submit' name='submit' value='Sign up' />
</form>
You’re vulnerable to SQL Injection as you’re not escaping the user submitted data. You really should be using prepared statements which eliminate the risk of SQL Injection attacks