Login In Jquery PHP - MYSQL


<script type="text/javascript" src="jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
$("#submit").click(function() {
var username = $("#username").val();
var password = $("#password").val();
if(username=='' || password=='' ){
alert("Please enter the username and password");
else {
type: "POST",
url: "login.php",
data: "username="+ username + "&password=" + password ,

beforeSend: function()
success: function(response)


return false;



<style type="text/css">
body{width:100%;font-family:"Trebuchet MS";margin:0;padding:0; }
h2 a{text-decoration:none;}
#warp{width:300px;margin:0 auto;margin-top:30px;}
.login{border:1px solid #CCC;float:left;width:300px;}
#sucess{padding:5px 0;color:#999;text-align:center;background:#BEFF7D;width:300px;}
#error{padding:5px 0;color:#FFF;text-align:center;background:#FF5353;width:300px;}


<div id="warp">
<div id="display"><a href="javascript:void(0)" id="close">x</a></div>
<div class="login">
<h3 align="center">Login</h3>
<div style="border-bottom:1px solid #CCC;"></div>

<form method="post" name="form" action="">
<p align="center">Username&nbsp; <input name="username" type="text" id="username" /></p>
<p align="center">Password&nbsp; <input name="password" type="password" id="password" /></p>
<p align="center"><input type="submit" name="submit" value="submit" id="submit" /></p>


$db = mysql_connect('localhost','root','') or die ("Unable to connect to Database Server.");
mysql_select_db ('demo', $db) or die ("Could not select database.");

$query = mysql_query("select * from login where username='$username' and password='$password' ")or die(mysql_error());
$data = mysql_fetch_row($query);
echo '<div id="sucess">sucess</div>';}
else {
echo '<div id="error">Invaild User</div>';}


1 comment:

  1. Your solution is ripe with security concerns such as:
    1. No mention of posting the data over SSL
    2. Your password is stored in plaintext
    3. You are not validating your input at all, or parameterizing your username/password so they could easily be injected
    4. mysql_select_db (and all counterparts) is deprecated as of PHP 5.5 and will be removed in future versions