database - Code not working while trying to pull user login data from form in php -
i created registration form works fine in php project undertaking. attempt use form, login form in pull username , password data user verify against database. getting parsing errors , other errors. haven't started validation yet haven't got basics in ready.
i don't think i'm going right way or if it's silly mistake.
<edit remove important info> // check connection if (mysqli_connect_errno()) { echo "failed connect mysql: " . mysqli_connect_error(); } if (isset($_session['logged'])){ //already logged in //$url= 'x'; // page exit(); //ends script if user logged in } else { //not logged in or submitted } $user_name = mysqli_real_escape_string($con,$_post['username']); $pass = mysqli_real_escape_string($con,$_post['password']); $notify=""; if(isset($_post['notify_box'])){ $notify = $_post['notify_box']; $query=mysqli_query($con,"select * `websiteusers` username ='$user_name' , password ='$pass'"); $count = $mysqli_num_rows($query); //checks db $row = mysqli_fetch_array($query); if($count==0){ //db empty echo "sorry, password , username not in db. click here try again."; } else{ // pw , un match, user login success $_session['logged']=1; //start session $_session['username']=$user_name; //session data } // } // opening brace not found mysqli_close($con); exit(); } // opening brace not found ?>
edit
i found in form
<input name="user_name" type="varchar" >
which should
<input name="user_name" type="text">
also, use
$pass = mysqli_real_escape_string($con,$_post['pass']);
instead of
$pass = mysqli_real_escape_string($con,$_post['password']);
yet i'm unsure password line, since using md5
, plain text.
you may have set to:
$pass=md5($_post['pass']);
there few issues code.
you have missing quote @ end of '$user_name
where username ='$user_name
which needs changed to:
where username ='$user_name'
as missing semi-colon @ end of query. $query=mysqli_query("select....
and (for 1 thing) $username=form($_post['user_name']);
invalid, since form
considered function.
use $username=$_post['user_name'];
or better yet:
$username=mysqli_real_escape_string($con,$_post['user_name']);
a missing semi-colon @ end of $password=md5($_post['pass'])
a missing $con
@ beginning of query.
which included in complete rewrite below.
line rewrite:
$query=mysqli_query($con, "select * `websiteusers` username ='$user_name' , password ='$pass'" );
plus, noticed you're storing passwords using md5
. it's no longer recommended use this. using php's password function
complete rewrite:
n.b.: $url
variable has not been defined anywhere else, i'm unsure of functionality. plus there 2 unused ending braces }
@ end of code, commented out, along exit();
you may closing db connection prematurely placement of mysqli_close($con);
should faced error message. left in place, commented out , moved @ end of script.
please give try, hoping things fall place should.
<?php // create connection $con=mysqli_connect("x","x","x","x"); session_start(); //starts users session // check connection if (!$con) { die('connect error: ' . mysqli_connect_errno()); } //echo "1 record added"; if (isset($_session['logged'])){ //already logged in $url= 'http://danu6.it.nuigalway.ie/sm4business/browse.html'; // page exit(); //ends script if user logged in } else { //not logged in or submitted $username=mysqli_real_escape_string($con,$_post['user_name']); $pass=md5($_post['pass']); } // mysqli_close($con); // may being closed prematurely. $query=mysqli_query($con,"select * `websiteusers` username ='$user_name' , password ='$pass'"); $r = $mysqli_num_rows($query); //checks db $row = mysqli_fetch_array($query); if($r==0){ //db empty echo "sorry, password , username not in db. click here try again."; } else{ // pw , un match, user login success $_session['logged']=1; //start session $_session['username']=$user_name; //session data } // } // opening brace not found // exit(); // } // opening brace not found mysqli_close($con); // moved here ?>
Comments
Post a Comment