I've made a php login script and it just not works.
my code :
<?php
function clean($str) { /* sanatize strings for databases & security */
$str = trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
if (!empty($_POST['login_admin'])) {
$username = clean($_POST['name']);
$password = clean($_POST['password']);
try {
$dbh = new PDO('mysql:host=localhost;dbname=imedia', "imedia", "imedia");
$statement = $dbh->prepare("SELECT * FROM administratori WHERE username =:username AND parola =:password");
$statement->execute(array(":username" => $username, ":password" => md5($password)));
$row = $statement->fetch();
if ($row) {
session_start("imedia_admin");
$_SESSION['imedia_admin']['logname'] = $row['username'];
$_SESSION['imedia_admin']['password'] = $row['password'];
echo json_encode("success");
} else {
echo json_encode("error");
}
$dbh = null;
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
}
?>
problem is in clean function, if a do not use it, my code works, can anybody explain me what i am doing wrong please ?
