Как защитить мою PHP-форму
<?php session_start(); require('connect.php'); if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM `user` WHERE username='$username' and password='$password' and uid=1"; $result = mysqli_query($connection, $query) or die(mysqli_error($connection)); $count = mysqli_num_rows($result); if ($count == 1){ $_SESSION['username'] = $username; }else{ //3.1.3 If the login credentials doesn't match, he will be shown with an error message. $fmsg = "Invalid Login Credentials."; } } if (isset($_SESSION['username'])){ $username = $_SESSION['username']; header('Location: user-register.php');?> <?php }else{ //3.2 When the user visits the page first time, simple login form will be displayed. ?> <div class="container"> <?php if(isset($fmsg)){ ?><div class="alert alert-danger"> <?php echo $fmsg; ?> </div><?php } ?> <h2 class="form-signin-heading">admin Login page</h2> <div class="input-group"> <span class="input-group-addon" id="basic-addon1">username:</span> </div> <div class="input-group"> Password <span class="input-group-addon" id="basic-addon1">Password:</span> </div> Login </div>
Что я уже пробовал:
для имени пользователя электронной почты и пароля или чего нибудь еще