This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
Hi! The objective of this code is to log-in to a website. This code has no error but still doesn't redirect to a profile page. Please, help. Thank you!
<?php
include("dbconnect.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "post")
{
$username = $_POST['student'];
$password = $_POST['password'];
$query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn=$username AND pw=$password");
$row=mysqli_fetch_array($query,MYSQLI_ASSOC);
$count=mysqli_num_rows($query);
if($count==1)
{
$_SESSION['login_user']=$username;
header("location: main.php");
}
else
{
$error="Username or Password is invalid";
}
}
?>
You need to write you query like this
$query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn='".$username."' AND pw='".$password."'");
Your query doesn't work. Try with SELECT * FROM members WHERE sn='$username' AND pw='$password'
And also after you execute the query check if the are some errors with
if(!$query)
die(mysqli_error($dbconfig));
P.S. sanitize username and password before inserting them in a query
Related
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I am writing a login form with PHP and Mysql.
I did everything its just the forgot password that is not working.
It sends me email confirmation but it does not update the password in the database.
First is the forgot page, then sends an email and redirect me to the confirm_pass.html page where is the form for the two passwords and on this page executes the confirm_pass.php where is doing everything, except updating the password in the database.
Please help.
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Make sure the two passwords match
if ( $_POST['newpassword'] == $_POST['confirmpass'] ) {
$new_password = password_hash($_POST['newpassword'], PASSWORD_BCRYPT);
$email = $mysqli->escape_string($_POST['email']);
$confirm_code = md5(rand().$password);
$result = "UPDATE `mv_db`.`users` SET `password`='$new_password', `confirm`='$confirm_code' WHERE `email`='$email'";
if ( $mysqli->query($result) ) {
header("location: login.html");
}
}
else {
$_SESSION['message'] = " The two passwords you entered don't match, try again!";
header("location: error.php");
}
}
?>
Your $_POST['email'] is not defined, because there is no "email" field in your HTML form.
So nothing is updated in database, because there is no matching record.
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
I have a project that requires creating a system for a given scenario using php and mySQL. Another requirement is that it has to have logins for different users.
In my implementation it fails to authenticate even with the right credentials. I am using mysqli for this implementation. There are no syntactical errors and the field names and entered credentials are all correct.
The code in question (login.php):
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Please enter a username and password";
} else {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Calls the 'connect.php' to connect to the database and select the database
require 'db/connect.php';
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// SQL query to fetch information of registerd users and finds user match.
$result = $db->query("SELECT * FROM `users` WHERE 'usr_pwd'='$password' AND 'usr_name'='$username'");
if ($result->num_rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: test.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($db); // Closing Connection
}
}
?>
I've also linked the github repo to my code as is: https://github.com/gussippi/furniture-store
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 6 years ago.
i need to confirm login using Php and mysql. My codes keep bringing 'username and password not correct even when it is. Please where did i get it wrong.
HTML code looks like this
PHP code looks like this
enter image description here
Thank you
issue 1 : $user_name = $_POST['username']; you have used single quotes wrongly . Same for password in the screen shot. http://i.stack.imgur.com/FlUyR.jpg
issue 2 : mysqli_query($CONNECTIONHANDLER, $QUERY) but you are missing connectionhandler.
Full Code changes :
$username = mysqli_real_escape_string($con,$_POST['username']);
$password = mysqli_real_escape_string($con,$_POST['pass_word']);
$rs = mysqli_query($con, "Select username, pass_word from verify where username = '%s' and pass_word = '%s'", $username, $upassword);
$check_user = mysqli_num_rows($rs);
if($check_user>0){
echo "Logged in / valid user ";
} else {
echo "username / password incorrect";
}
change
'$_POST[username]' to $_POST['username'] and same goes for password.
You are actually assigned string values instead of getting them from $_POST array
Remove simple quote
$username = $_POST['username'];
$password = $_POST['pass_word'];
Keep in mind that POST input should ALWAYS be sanitized to avoid injection
I think you are doing it wrong. Also you just posted your username and password on the internet.
The query is redundant. You should just check for the presence of a user with such username and password (for example Select Count(*) from...)
the second control you are doing is superfluous. Also you are declaring a variable inside a while and you are trying to access those values from outside of it.
Also there are some syntactic errors like quotes and stuff that other users already suggested.
This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Closed 6 years ago.
Im trying to update my data using php but it doesnt work, any ideas?
This is the code, this isnt the full code (its not done) but even the username cant be updated.
<?php
session_start();
include "dbconfig.php";
require "check.php";
if(!empty($_POST['user_name']) || !empty($_POST['user_email'])){
$user_name = trim($_POST['user_name']);
$user_email = trim($_POST['user_email']);
$count=$db_con->prepare("SELECT * FROM users WHERE user_id=:userid");
$count->bindParam(":userid",$_SESSION['user_session'],PDO::PARAM_STR,15);
$count->execute();
$row = $count->fetch(PDO::FETCH_OBJ);
$sql=$db_con->prepare("update users set user_name=:username where user_id='$row->user_id'");
$sql->bindParam(':username',$user_name,PDO::PARAM_STR, 32);
if($sql->execute()){
echo "Successfully updated Profile";
}
else{
print_r($sql->errorInfo());
}
else {
echo "No data inserted!"
}
include "home.php";
?>
I guess a syntax error in this Line
$sql=$db_con->prepare("update users set user_name=:username where user_id='$row->user_id'");
Corrected
$sql=$db_con->prepare("update users set user_name=:username where user_id="$row->user_id);
This question already has answers here:
The 3 different equals
(5 answers)
Closed 7 years ago.
i am trying to make a website using php with mysql database..
here is my code
<?php
$con=mysql_connect("localhost", "root", "");
mysql_select_db("mydatabase", $con);
$query = "INSERT INTO tblSecurity Values('".$_POST['txtUser']."','".$_POST['txtPass']."')";
$password = $_POST['txtPass'];
$confirm = $_POST['txtPassConfrm'];
mysql_query($query, $con);
if($password = $confirm)
{
Header("Location: Login.php");
}
else
{
echo"Verify your Answer";
}
?>
the problem is, how can i verify if the confirm password is same with the password inputted, this code works but it wont move to ELSE even the passwords are not the same. can anyone help me correct this please.. thanks
better practice is check two passwords are same in inputting stage.
here also code is correct , only mistake is php needs == instead of =.