Script going in to infinite loop. Need help!

jwebdd · May 1, 2010, 1:46pm

Seem something in my script is causing it to loop infinitely and I am hoping some one can help me figure it out.

Here is the code. It is a simple login script:


<?php
include("config.php");
session_start();
if ($_SESSION['id']!=""){
header("Location: add_category.php");
exit;
}

if (isset($_POST['submit'])){
$name=trim($_POST['name']);
$pass=trim($_POST['password']);
$sql="SELECT id, username, password FROM user_login WHERE username='".$name."' AND password='".$pass."'"; 
$result=mysql_query($sql);

while($abc=mysql_fetch_array($result)){


if($name==$abc[username] && $pass==$abc[password]){
$userid=$abc['id'];
$_SESSION['id']=$userid;
{
header('Location:add_category.php');
}
} 

	


}
echo "Invalid username/Password<br/><br/>";
}

?>

DarthGuido · May 1, 2010, 2:02pm

I see no infinite loop. Unless the add_category.php script sends you back to the login script, etc. Or maybe the loop is in the add_category script?

By the way, you should sanitize your user input before using it in a query (in this case you can use mysql_real_escape_string).
And since you do a select for a specific username and password, there’s no use in checking their values in the while loop. They are the same, or the row wouldn’t have been selected by the query.
If the username is unique, you wouldn’t even have to do a while loop, it would be enough to check that a row has been returned.