Consult the following using the `mssql_num_rows()` function.

```php
$query_check = "SELECT * FROM Accounts WHERE AccountName='$username' AND Password='$password'";
$results = mssql_query($query_check);
if (mssql_num_rows($results) > 0) {
    echo "Exists.";
}
else {
    echo "Sorry.";
}
```
Plus I suggest you change:

```html
<input type="text" name="password" value="" />
```

to

```html
<input type="password" name="password" value="" />
```

as you will be exposing passwords in plain viewable text.
You're presently open to SQL injection.
You should be using bound parameters.
Read the following articles:
On Owasp.org: https://www.owasp.org/index.php/Top_10_2013-Top_10
Passwords
I noticed that you may be storing passwords in plain text. This is not recommended.
Consider using one of the following:
- CRYPT_BLOWFISH
- `crypt()`
- `bcrypt()`
- `scrypt()`
- On OPENWALL
- PBKDF2
- PBKDF2 on PHP.net
- PHP 5.5's `password_hash()` function.
- Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
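
The two recommendations above (bound parameters and hashed passwords) combined in one login check, as an added example that is not part of the original answer. It assumes PHP 7+ with PDO and uses an in-memory SQLite database as a stand-in so it runs offline; the `PasswordHash` column, the `register()` and `login()` helpers and the sample account are hypothetical, and the same PDO calls apply with a SQL Server PDO driver.

```php
<?php
// Added example: SQLite in-memory stands in for the real database (assumption).
// Table and AccountName column follow the answer's query; PasswordHash is a
// hypothetical column that replaces the plain-text Password column.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Accounts (AccountName TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');

// Store only a salted hash produced by password_hash(), never the password.
function register(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO Accounts (AccountName, PasswordHash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $username, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Fetch the stored hash by name through a bound parameter, then compare in PHP.
// The password never appears in the SQL text, and the username is sent as data.
function login(PDO $pdo, string $username, string $password): bool
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        // Hash checked for unknown users so both paths do similar work.
        $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    $stmt = $pdo->prepare('SELECT PasswordHash FROM Accounts WHERE AccountName = :name');
    $stmt->execute([':name' => $username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, $dummyHash);
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed sample data.
register($pdo, 'alice', 'correct horse battery staple');

var_dump(login($pdo, 'alice', 'correct horse battery staple')); // valid credentials
var_dump(login($pdo, 'alice', 'wrong password'));               // wrong password
// Quote characters in the input are bound as a literal account name,
// so they cannot change the structure of the query.
var_dump(login($pdo, "alice' OR '1'='1", 'anything'));
```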