diff --git a/login.php b/login.php
index b400559..873674c 100644
--- a/login.php
+++ b/login.php
@@ -17,12 +17,15 @@
mysql_select_db("$db_name", $con)or die("cannot select DB");
// username and password sent from form
+ $myusername=$_POST['username'];
$mypassword=$_POST['password'];
$myemail=$_POST['email'];
// To protect MySQL injection (more detail about MySQL injection)
+ $myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myemail = stripslashes($myemail);
+ $myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$myemail = mysql_real_escape_string($myemail);
$mypassword = md5($mypassword);
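Review bot: The added `$myusername` lines copy the existing `stripslashes()` plus `mysql_real_escape_string()` pattern, which protects the query only if the value is placed inside quotes and the connection charset is set through the API. The query is outside this hunk, so neither condition can be confirmed here. A parameterized statement via mysqli or PDO would remove the dependency on escaping, and the mysql_* extension was removed in PHP 7. The unconditional `stripslashes()` also alters any username containing a backslash when magic quotes are off. Reading `$_POST['username']` without a presence check raises a notice when the field is missing; `$myusername = isset($_POST['username']) ? $_POST['username'] : '';` avoids that.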
@@ -36,7 +39,10 @@
if($count==1){
// Register $myusername, $mypassword and $myemail and redirect to file "login_success.php"
//$_SESSION["myemail"] = $myemail;
+ $_SESSION["myemail"] = $myemail;
+ $_SESSION["myusername"] = $myusername;
session_register("myemail");
+ session_register("myusername");
header("location:registeredarea.php");
exit;
}
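Review bot: The login branch writes identity into the session at `$_SESSION["myusername"] = $myusername;` without renewing the session id, so an id fixed before login stays valid afterwards; add `session_regenerate_id(true);` before the two assignments. The stored value is the SQL-escaped request string rather than the username from the matched row, so it may carry stray backslashes, and any page that prints it (possibly registeredarea.php) still needs `htmlspecialchars()`. The added `session_register("myusername");` is redundant with the `$_SESSION` assignment, and the function was removed in PHP 5.4. The code that computes `$count` is outside this hunk.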
diff --git a/registeredarea.php b/registeredarea.php
index dba770d..36ff30f 100644
--- a/registeredarea.php
+++ b/registeredarea.php
@@ -11,11 +11,14 @@