PHP MySQL - Access denied for user - php

I know that there are tons of related threads, but none of them fixes my problem. I'm having a problem connecting to my database. I get the following error:
Access denied for user ''@'localhost' (using password: NO)
My code for register.php is the following:
<?php
require 'config.php';
if(isset($_POST['submit'])){
//does verification
$mail1 = $_POST['email1'];
$mail2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if(($mail1 == $mail2) && ($pass1 == $pass2)){
//everything is k
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass1 = md5($pass1);
//Checks if username is taken
$check = mysql_query("SELECT * FROM users WHERE uname = '$uname'")or die(mysql_error());
if (mysql_num_rows($check)>=1) {
echo "Username already taken";
} else {
mysql_query("INSERT INTO `users` (`first_name`, `last_name`, `username`, `mail`, `password`, `id`) VALUES ('$name', '$lname', '$uname', '$email1', '$pass1', NULL)") or die(mysql_error());
echo "Registration Successful";
} }
else {
echo "sorry, something doesn't match.";
}
} else {
//displays form
echo $form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
EOT;
}
?>
and my config.php is:
<?php
mysql_connect("localhost", "root", "");
mysql_select_db("MyDB");
?>
What to do? My PHP version is 5.6.27 and MySQL version is 5.6.33

Aside from the fact that you should be using mysqli functions instead of mysql for security reasons, have you checked:
Your MySQL username is correct?
That a password is not required?
The database you are connecting to is correct?
Then do:
$db = mysql_connect("localhost", "root", "");
mysql_select_db("MyDB", $db);
And your queries should be:
$query = mysql_query("SELECT * FROM users WHERE uname = '$uname'", $db);

First of all, you'd better use mysqli or pdo (https://stackoverflow.com/a/12860046/2660794)
Once you have modified your code, you need to use the credentials you use to connect to the database on your server (e.g. the one you use for phpMyAdmin).

I'd recommend using mysqli. For your case, the config.php would look like:
<?php
$mysqli = new mysqli("localhost", "root", "", "MyDB");
if(mysqli_connect_errno()){
printf("Connection Failed %s\n", mysqli_connect_error());
exit();
}
session_start();
if(isset($_SESSION["REMOTE_ADDR"]) && $_SESSION["REMOTE_ADDR"] != $_SERVER["REMOTE_ADDR"]){
session_destroy();
session_start();
}
?>
and instead of "require", you'd do:
include ("config.php");
Hope this helped

Related

Adding user to MySQL database in php using phpMyAdmin

I think I am successfully connecting to my database by:
<?php
$user = 'root';
$pass = '9KSroMDjEqNmEYY4';
$db = 'chatservice';
$host = '127.0.0.1';
$conn = new mysqli($host, $user, $pass, $db, 3306) or die("Unable to connect");
if ($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
?>
My question is how I would use the registration code to successfully add a user to the database. When entering the form I press register I do not get any error messages stating that the registration didn't succeed. It seems that the php code is not being reached after the initial connection. I am new to php and mySQL so any tips on formatting would be nice too!
<?php
require('connect.php');
if(isset($_POST['user']) && isset($_POST['password'])){
$user = $_POST['user'];
$id = $_POST['IDNUM'];
$password = $_POST['password'];
$query = "INSERT INTO 'users' (user ,IDNUM ,password) VALUES('$user', '$id', '$password')";
$result = mysqli_query($query);
if($result){
$msg = "Registered Sussecfully";
echo $msg;
}
else
$msg = "Error Registering";
echo $msg;
}
?>
<div class="register-form">
<title>Chat Page Start</title>
<form action="" methods="POST">
<p>
<label>Username: </label>
<input id="user" type="text" name="user" placeholder="user" />
</p>
<p>
<label>ID: </label>
<input id="IDNUM" type="text" name="IDNUM" placeholder="ID number" />
</p>
<p>
<label>Password: </label>
<input id="password" type="password" name="password" placeholder="password" />
</p>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" value="Register" />
</form>
</div>
Another thing is how would I check the status of my database connection and where I should be checking this status?
Your database connection uses mysqli_connect, and executing the query with mysql_query is not proper.
<?php
require('connect.php');
if(isset($_POST['user']) && isset($_POST['password'])){
$user = $_POST['user'];
$id = $_POST['IDNUM'];
$password = $_POST['password'];
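// Table name is left unquoted: single quotes make it a string literal, which is invalid SQL here.
// The values are still interpolated unescaped; bind them with a prepared statement to prevent SQL injection.
$query = "INSERT INTO users (user, IDNUM, password) VALUES ('$user', '$id', '$password')";
// mysqli_query() takes the connection first, then the query.
$result = mysqli_query($conn, $query);
if($result){
$msg = "Registered Successfully";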
}
else
$msg = "Error Registering";
}
?>
You are connecting database using mysqli:
$conn = new mysqli('localhost', $user, $pass, $db, 3306) or die("Unable to connect");
And executing query using mysql:
$query = "INSERT INTO 'users' (user ,IDNUM ,password) VALUES('$user', '$IDNUM', '$password')";
$result = mysql_query($query);
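For the question of where to check the connection status, and the "Access denied ... (using password: NO)" error in the first thread, here is an added example that is not code from any of the posts: the connection is made once in the included config file, mysqli is switched to throw exceptions, and the failure detail goes to the server log instead of the page. The environment variable names (DB_HOST, DB_USER, DB_PASS, DB_NAME) and the account name app_user are assumptions.

```php
<?php
// Added example, not code from the posts above.
// Assumptions: the environment variable names and the "app_user" account
// are hypothetical; MyDB is the database name used in the first thread.
declare(strict_types=1);

function db_connect(): ?mysqli
{
    // Make mysqli throw mysqli_sql_exception instead of returning false,
    // so a failed connect or query can never be silently ignored.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $host = getenv('DB_HOST') ?: '127.0.0.1';
    $user = getenv('DB_USER') ?: 'app_user';   // a dedicated account, not root
    $pass = getenv('DB_PASS');
    $name = getenv('DB_NAME') ?: 'MyDB';

    // An unset or empty password is what produces "(using password: NO)".
    if ($pass === false || $pass === '') {
        error_log('DB_PASS is not set; refusing to connect without a password');
        return null;
    }

    try {
        $db = new mysqli($host, $user, $pass, $name);
        $db->set_charset('utf8mb4');
        return $db;
    } catch (mysqli_sql_exception $e) {
        // User name, host and "using password" details stay in the server log.
        error_log('DB connection failed: ' . $e->getMessage());
        return null;
    }
}

// The status check happens here, once, before any query runs.
$db = db_connect();
if ($db === null) {
    http_response_code(503);
    exit('Service temporarily unavailable.');
}
```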

Sign up function working on one script but not another

I have a sign up function on a script and I've copied it over to a new project and changed the variables - form inputs, table/database names etc. and the script won't do anything.
Signup.php
<form class="form" action="register.php" method="POST" enctype="application/x-www-form-urlencoded">
<input type="text" value="" placeholder="Username" id="username" name="username" />
<input type="text" value="" placeholder="Email" id="Email" name="Email" />
<input type="password" value="" placeholder="Password" id="password" name="password" />
<input type="submit" id="signin" name="submit" />
</form>
Register.php
<?php
include('connectivity.php');
if (mysqli_connect_errno())
{
echo "Failed to connect to mysqli: " . mysqli_connect_error();
}
else
{
}
function newUser()
{
include ('connectivity.php');
$username = $_POST['username'];
$username_escaped = mysqli_real_escape_string ($db, $username);
$email = $_POST['email'];
$email_escaped = mysqli_real_escape_string ($db, $email);
$password = sha1($_POST['password']);
$password_escaped = mysqli_real_escape_string ($db, $password);
$query = "INSERT INTO users (username, email, password) VALUES ('$username_escaped', $email_escaped', '$password_escaped')";
include('connectivity.php');
$data = mysqli_query ($db, $query)or die(mysqli_error($db));
if($data)
{
}
}
function SignUp()
{
if(!empty($_POST['email']))
{
include('connectivity.php');
$query = mysqli_query ($db, "SELECT * FROM users WHERE email = '$_POST[email]'")
or die(mysqli_error());
if(!$row = mysqli_fetch_array($query))
{
newUser();
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('User Registration Successful')
window.location.href='login.php';
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('You are already a registered user!')
window.location.href='homepage.html';
</SCRIPT>");
}
}
}
if(isset($_POST['submit']))
{
SignUp();
}
?>
The form when submitted just goes to the blank php page (register.php) - no window alert messages pop up and no redirection occurs.
This script works perfectly on my other form, can anybody see why it doesn't work on this form?
Cheers for reading!
$_POST['email'] doesn't exist because you have set the name attribute to "Email"
Edit:
I forgot to mention the essence of my answer: the name and $_POST are case sensitive, so "email" != "Email"
try this:
$query = mysqli_query ($db, "SELECT * FROM users WHERE email = '$email'") or die(mysqli_error($db));

Why won't my SELECT * FROM work?

Here is the code for my entire index page, which includes a register and a login. For some reason, the register part works fine, and it is inserting correctly. Yet, the login part is not working, as whenever I call the $queryrun(mysql_query($query)) on the SELECT * FROM, it does not work.
<?php
require('includes/dbconnect.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$password = md5($password);
$logemail = $_POST['logemail'];
$logpassword = $_POST['logpassword'];
$logpassword = md5($logpassword);
// Register Script
if (isset($firstname) && !empty($firstname) && !empty($lastname) && !empty($email) && !empty($password)) {
$query = "INSERT INTO users VALUES('', '$firstname', '$lastname', '$email', '', 'm', '9', '$password', 'bio'";
$queryrun = mysql_query($query);
} else {
echo 'Please fill out all of the form fields';
}
// Login Script
if (!empty($logemail) && !empty($logpassword)){
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$queryrun = mysql_query($query);
while ($row = mysql_fetch_assoc($queryrun)) {
$logemail = $row['logemail'];
}
echo $logemail;
$numrows = mysql_num_rows($query);
if ($numrows > 0){
echo 'User exists';
} else {
echo 'User does not exist';
}
} else {
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form action="index.php" method="POST">
Firstname: <input type="text" name="firstname" /><br />
Lastname: <input type="text" name="lastname" /><Br />
Email: <input type="text" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Submit" />
</form>
<br /><hr />
<br />
Login:<br />
<form action="index.php" method="POST">
Email:<input type="text" name="logemail" /><br />
Password: <input type="password" name="logpassword" /><br />
<input type="submit" value="Log in" /><br />
</form>
</body>
</html>
The connection to the database is fine because the register part of the code works; it's just that the login code is returning nothing and saying that the user does not exist, when the user actually does exist.
Your form field is $logemail while your mysql statement uses $email.
To get this working looks like you want:
$query = "SELECT * FROM users WHERE email = '$logemail' AND password = '$logpassword'";
But as John Conde mentions there are significant security issues.
What version of PHP are you using? This extension is deprecated as of PHP 5.5.0, you really should be using mysqli or PDO.
also
if (!empty($logemail) && !empty($logpassword)){
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
You are checking for $logemail and $logpassword but putting $email and $password in the query string. Also, use {} in your strings for PHP variables. It helps keep string concatenation from getting confusing, and you can use associative arrays in the string:
echo "This is my string and this is the number {$number}. this is the value in my array: {$arrayvar["something"]}.";

session form data across multiple pages and insert into mysql?

Can someone help me please? I'm trying to submit a form over 3 pages. There are 3 text area fields in each, and I'm using session start to echo the form data over the pages.
So then at the end all I have to do is echo out the form data and insert it into the MySQL table ptb_registrations.
For some reason, though, it's not working and I'm getting the error "Error updating database". I have been working on this for a few hours, I'm sorry to say, and I cannot figure it out. Please can someone help me and show me where I might be going wrong?
page 1:
<?php
session_start();
?>
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
page 2:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?" />
<input type="submit" value="Next >" />
</form>
page 3:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
?>
<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)" />
<input type="submit" value="Next >" />
</form>
page 4: (mysql function)
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
$_SESSION['display_name'] = $display_name;
$_SESSION['password'] = $password;
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES('NULL',
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
Please can someone help me and show me where I might be going wrong?
Your code itself is just horrible. Because:
1) You mix session and database responsibilities
2) You use mysql_query() for queries you do not expect a result-set. For INSERT, UPDATE, DELETE queries should be used mysql_unbuffered_query()
3) You do not escape values using mysql_real_escape_string() so that you're vulnerable to SQL injection
4) You use procedural code and global state
5) You use deprecated mysql_* functions instead of PDO or MySQLi
6) You use string concatenation instead of sprintf(), here:
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
7) You do not validate anything in $_SESSION and $_POST. What if you have set the variables and they do not exist?
8) Your query validation is wrong, here: confirm_query($result_set) {..
I'd better stop here.
So instead of coding this way, you'd really separate responsibilities.
For session, it should look like this:
File session.php
function session_init(){
if ( session_id() == '' ){
return session_start();
} else {
return true;
}
}
function session_set(array $values){
foreach($values as $key => $val){
$_SESSION[$key] = $val;
}
}
/**
* It will give you a confidence that you get an existing value
* @param string $key
*/
function session_get($key){
if ( isset($_SESSION[$key]) ){
return $_SESSION[$key];
} else {
throw new RuntimeException(sprintf('Accessed to non-existing session variable %s', $key));
}
}
File: dbconnection.php
<?php
define('HOST', '...');
define('USER', '...');
...
function connect(){
if ( ! mysql_connect(...) ){
die('...');
}
if ( ! mysql_select_db('DB_NAME_HERE') ){
die('...');
}
}
function query($query){
return mysql_query($query); //<- Should only be used for SELECT queries
}
function ub_query($query){
return mysql_unbuffered_query($query); // <- Should only be used for INSERT, DELETE, UPDATE queries
}
function fetch($result){
return mysql_fetch_assoc($result);
}
File: users.php
require_once('dbconnection.php');
connect();
/**
* Returns user id by his email
*
* @return array on success
* FALSE if email does not exist
*/
function get_user_id_by_email($email) {
// %s receives the escaped value; interpolating $email directly would bypass the escaping
$query = sprintf("SELECT `id` FROM `ptb_registrations` WHERE `email` = '%s' LIMIT 1", mysql_real_escape_string($email));
$result = ub_query($query);
if ( $result ){
return fetch($result);
} else {
return false;
}
}
and so on. The concept here is to separate responsibilities for each script and then use the "part" you need.
Back to the original question
You want to insert a value into the table? Then validate this value first. The problem is that you do not do that. Nothing more.
In page2.php you need to set the session as below,
because $first_name, etc. are not declared.
page2.php
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
page3.php
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
page4.php
$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];
In page4.php, do one more variable declaration.
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email']; etc...
then store it in database.
It is bad practice, this whole script but I believe your SQL error is because you are supplying an ID as null. ID is probably an integer and most likely auto increment. Do this instead:
$query="INSERT INTO ptb_registrations (
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
Page 1:
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
No need of session_start here
Page2:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?" />
<input type="submit" value="Next >" />
</form>
Added $_POST
Page 3:
<?php
session_start();
// other php code here
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
?>
<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)" />
<input type="submit" value="Next >" />
</form>
Added $_POST $_SESSION['first_name'] = $_POST['first_name'];
No need to add this section again in page3 :
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
Page 4:
<?php
session_start();
// other php code here
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$date_of_birth = $_SESSION['dat_of_birth'] ;
$number =$_SESSION['number'];
$display_name = $_SESSION['display_name'];
$password = $_SESSION['password'];
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES('NULL',
'".mysql_real_escape_string($first_name)."',
'".mysql_real_escape_string($last_name)."',
'".mysql_real_escape_string($email)."',
'".mysql_real_escape_string($date_of_birth)."',
'".mysql_real_escape_string($number)."',
'".mysql_real_escape_string($display_name)."',
'".mysql_real_escape_string($password)."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
Assign session to variables :
$first_name = $_SESSION['first_name'];
mysql_* functions are deprecated; use mysqli_* or PDO
Your code is vulnerable to mysql_injection: use at least mysql_real_escape_string
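One way to do the validation the answers above ask for, as an added example that is not code from any of the posts: each page copies only whitelisted POST fields into the session, and the last page checks every field before any INSERT runs. The helper names are hypothetical, the field names follow the ptb_registrations form in the question, and a plain array stands in for $_SESSION so the script runs on its own.

```php
<?php
// Added example, not code from the posts above. Field names follow the
// ptb_registrations form in the question; the helper names are hypothetical.
declare(strict_types=1);

// Whitelist per receiving page: only these POST keys are ever copied.
const STEP_FIELDS = [
    2 => ['first_name', 'last_name', 'email'],
    3 => ['date_of_birth', 'number'],
    4 => ['display_name', 'password'],
];

/** Copy the fields posted by the previous page into the session store. */
function stash_step(array &$session, array $post, int $step): void
{
    $clean = [];
    foreach (STEP_FIELDS[$step] as $field) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || trim($value) === '') {
            throw new InvalidArgumentException("step $step: missing field '$field'");
        }
        // Hash at once so the plaintext password never sits in session storage.
        $clean[$field] = $field === 'password'
            ? password_hash($value, PASSWORD_DEFAULT)
            : trim($value);
    }
    // Nothing is stored unless every field of the step was valid.
    $session = array_merge($session, $clean);
}

/** Final gate before the INSERT: every field present and well-formed. */
function collect_registration(array $session): array
{
    $fields = array_merge(...array_values(STEP_FIELDS));
    $errors = [];
    foreach ($fields as $field) {
        if (!isset($session[$field])) {
            $errors[] = "missing $field";
        }
    }
    if (isset($session['email']) && filter_var($session['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email';
    }
    if (isset($session['date_of_birth'])) {
        // The form asks for dd/mm/yyyy; the round trip rejects dates such as 31/02/1990.
        $dob = DateTimeImmutable::createFromFormat('!d/m/Y', $session['date_of_birth']);
        if ($dob === false || $dob->format('d/m/Y') !== $session['date_of_birth']) {
            $errors[] = 'invalid date_of_birth';
        }
    }
    if ($errors !== []) {
        throw new InvalidArgumentException(implode('; ', $errors));
    }
    return array_intersect_key($session, array_flip($fields));
}

// Constructed sample input; $session stands in for $_SESSION after session_start().
$session = [];
stash_step($session, ['first_name' => 'Ann', 'last_name' => 'Lee', 'email' => 'ann@example.test'], 2);
stash_step($session, ['date_of_birth' => '10/02/1990', 'number' => '07000000000'], 3);
try {
    // Page 3 of the question names its display-name input "date_of_birth",
    // so display_name never arrives; the whitelist reports it instead of inserting a blank.
    stash_step($session, ['date_of_birth' => 'annlee', 'password' => 'constructed-pass'], 4);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
stash_step($session, ['display_name' => 'annlee', 'password' => 'constructed-pass'], 4);
print_r(array_keys(collect_registration($session)));
```

The array returned by collect_registration() is what should be bound to a prepared INSERT; the session key is date_of_birth throughout, which avoids the dat_of_birth mismatch in the posted pages.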

Simple PHP + MySQL Form Not Working

Alright, so recently I watched a tutorial and coded along with it in Notepad++. I am attempting a simple MySQL login/register form, but when I log in, it gives me the "Wrong U/P" error echo I wrote. It saves everything in the database as the md5 and stuff. Here is my code.
register.php
<?php
require('config.php');
if(isset($_POST['submit'])){
//Preform the verification of the nation
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2) {
if($pass1 == $pass2) {
//All good. Carry on.
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);
$pass1 = md5($pass1);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if(mysql_num_rows($sql) > 0) {
echo "Sorry, that user already exists!";
exit();
}
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')");
}else{
echo "Sorry, your passwords do not match<br><br>";
exit();
}
}else{
echo "Sorry, your emails do not match.<br><br>";
}
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
}
?>
login.php
<?php
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_real_escape_string($_POST['uname']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass = md5($pass);
$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
echo "You are now logged in.";
exit();
}else{
echo "Wrong U/P combination";
}
}else{
$form = <<<EOT
<form action="login.php" method="POST">
Username: <input tye="text" name="uname" /><br>
Password: <input type="password" name="pass" /><br>
<input type="submit" name="submit" value="Login" />
</form>
EOT;
echo "$form";
}
?>
and config.php
<?php
mysql_connect("localhost", "X", "X");
mysql_select_db("X");
?>
The config.php code is correct, but I am not giving away X.
As you can see, this code echos out an error for login.php if it's incorrect. It gives me that error even if it is correct. I used MD5 hash passes, so please help!
Firstly, you're using the ` tag in there - this should be ' .
You need to either interpolate or concatenate your variables; i.e; instead of
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')");
use;
mysql_query("INSERT INTO 'users' ('id', 'name', 'lname', 'uname', 'email', 'pass') VALUES (NULL, '{$name}', '{$lname}', '{$uname}', '{$email1}', '{$pass1}')");
Anyway, aside from some good practice, have a look at this line;
$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");
Just a small typo ruining everything for you. Change SELECET to SELECT , and you should be good to go.
Best of luck!
Eoghan
1. You don't need the following lines:
$email2 = mysql_escape_string($_POST['email2']);
and
$pass2 = mysql_escape_string($_POST['pass2']);
2. Run SELECT * FROM users in order to see that the user/pwd really made it to the DB
3. Add echo "$uname $pass <br>"; to the login form to make sure that it passed correctly
The other two answers are correct, but you have a more fundamental issue with this: you are using the old, deprecated mysql_* functions. Those functions are an old, procedural interface to MySQL and don't support the modern features of that RDBMS. I suggest using mysqli or PDO for an OOP approach to database access.
If you are going to stick to this ancient code, you should at least use mysql_real_escape_string() instead of mysql_escape_string().
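The register.php and login.php flow from this thread, which also covers the md5/sha1 registration and login scripts in the earlier threads, as an added example that is not code from any of the posts: PDO prepared statements replace the string-built queries, and password_hash()/password_verify() replace md5(). It assumes an in-memory SQLite database as a stand-in for MySQL so it runs offline, and a reduced users table (uname, email, pass).

```php
<?php
// Added example, not code from any of the posts above.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline;
// for MySQL only the DSN changes ('mysql:host=...;dbname=...;charset=utf8mb4').
declare(strict_types=1);

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on every database error so a failed query is never silent.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id    INTEGER PRIMARY KEY,
        uname TEXT NOT NULL UNIQUE,
        email TEXT NOT NULL,
        pass  TEXT NOT NULL
    )');
    return $pdo;
}

function register_user(PDO $pdo, string $uname, string $email, string $password): bool
{
    if ($uname === '' || $password === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // password_hash() salts and stretches the password; a bare md5() or sha1() does neither.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (uname, email, pass) VALUES (:uname, :email, :pass)');
    try {
        // Values travel as bound parameters, never as part of the SQL text.
        $stmt->execute([':uname' => $uname, ':email' => $email, ':pass' => $hash]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE constraint rejected a taken username.
        // Relying on the constraint avoids the SELECT-then-INSERT race.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

function check_login(PDO $pdo, string $uname, string $password): bool
{
    // Look the user up by name only; the password is never part of the query.
    $stmt = $pdo->prepare('SELECT pass FROM users WHERE uname = :uname');
    $stmt->execute([':uname' => $uname]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-derives the hash with the stored salt and compares it safely.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data; the quote in the username is stored and matched as plain data.
$pdo = open_db();
$results = [
    'register'            => register_user($pdo, "o'brien", 'ob@example.test', 'correct horse'),
    'duplicate username'  => register_user($pdo, "o'brien", 'other@example.test', 'another pass'),
    'login, right pass'   => check_login($pdo, "o'brien", 'correct horse'),
    'login, wrong pass'   => check_login($pdo, "o'brien", 'wrong'),
    'login, unknown user' => check_login($pdo, 'nobody', 'correct horse'),
];
foreach ($results as $label => $ok) {
    printf("%-20s %s\n", $label, $ok ? 'true' : 'false');
}
```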
