In the following code, data from html form is not received by php variables. The code directly executes if-else statement without waiting for input.
<?php
if(mysql_connect("localhost","root","")==false)
{
die ("Connection Failed");
}
mysql_select_db("fb");
$id=$_POST["email"];
$pwd=$_POST["password"];
$sql=mysql_query("SELECT* FROM admin WHERE id='$id' AND pass='$pwd'");
if($sql)
{
die ("Login");
}
else
{
die ("Failed");
}
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset="UTF-8" />
<title>
HTML Document Structure
</title>
<!--<link rel="stylesheet" type="text/css" href="style.css" />!-->
</head>
<body>
<form method="POST">
<h1>Welcome</h1>
<div class="inset">
<p>
<label for="email">Login</label>
<input type="text" name="email" id="email">
</p>
<p>
<label for="password">PASSWORD</label>
<input type="password" name="password" id="password">
</p>
</div>
<p class="p-container">
<span>Forgot password ?</span>
<input type="submit" name="Login" id="Login" value="Log in">
</p>
</form>
</body>
</html>
I know this code is vulnerable to SQL injection, but who cares if it's a home assignment. :)
The code directly executes if-else statement without waiting for input.
The reason is that you have your entire code (HTML/PHP/SQL) inside one file with no conditional statement to control it.
Using your submit button's name element with if(isset($_POST['Login'])) will fix that.
Another option would be to use two separate files. One with your form and the other with the PHP/SQL and setting action="handler.php" for your form's action.
<form method="POST"> is equivalent to <form method="POST" action=""> (self).
<?php
if(mysql_connect("localhost","root","")==false)
{
die ("Connection Failed");
}
mysql_select_db("fb");
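// Only read the form fields and run the query once the form has been submitted
if(isset($_POST['Login'])){
$id=$_POST["email"];
$pwd=$_POST["password"];
$sql=mysql_query("SELECT * FROM admin WHERE id='$id' AND pass='$pwd'");
// mysql_query() returns a result resource even when no row matches, so count the rows
if($sql && mysql_num_rows($sql) > 0)
{
die ("Login");
}
else
{
die ("Failed");
}
} // brace for if(isset($_POST['Login']))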
?>
The following links will help you later on.
For passwords, CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
Plus, mysqli with prepared statements, or PDO with prepared statements.
Always use error reporting; this will help you to debug code.
Plus, use or die(mysql_error()) to mysql_query() instead of just the way you have it now. It will signal the actual error, should there be any.
The code directly executes if-else statement without waiting for input.
Then tell it to do those action after input.
if($_POST) {
$id=$_POST["email"];
$pwd=$_POST["password"];
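$sql=mysql_query("SELECT * FROM admin WHERE id='$id' AND pass='$pwd'");
// mysql_query() returns a result resource even when no row matches, so count the rows
if($sql && mysql_num_rows($sql) > 0)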
{
die ("Login");
}
else
{
die ("Failed");
}
}
I know this code is vulnerable to SQL injection, but who cares if it's a home assignment.
Never give up security just because of the nature of the project. You'll fall into a trap, and then it will bite you later on in life. Make sure you secure your application regardless of the project.
Related
My issue is when I go to this page to register (see picture below), the prompt "The email address...." appears right away even though I haven't typed anything yet. How do I remove that? Here's my code below.
<?php
$mysqli = mysqli_connect("localhost", "dbusername", "dbpassword", "dbtable");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
} else {
$sql = "INSERT INTO tablename(firstname, lastname, email, password, age, gender, startdate) VALUES ('".$_POST["firstname"]."', '".$_POST["lastname"]."', '".$_POST["email"]."', PASSWORD('".$_POST["password"]."'), '".$_POST["age"]."', '".$_POST["gender"]."', now())";
$res = mysqli_query($mysqli, $sql);
if ($res === TRUE) {
echo "Your account '".$_POST["email"]."' has just been created. Thank you for joining us!<br/>";
echo "<br/>";
echo "<a href='userlogin.php'>Go to Login</a>";
} else {
echo "The email address '".$_POST["email"]."' is already in use, try again!";
}
mysqli_close($mysqli);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>User Information</title>
<link rel="stylesheet" href="stylesheet.css">
</head>
<body>
<form method="post" action="">
<fieldset> <legend><h3> User Information </h3></legend>
<p><strong>First Name:</strong><br/>
<input type="text" name="firstname"/></p>
<p><strong>Last Name:</strong><br/>
<input type="text" name="lastname"/></p>
<p class="lowercase"><strong>Email:</strong><br/>
<input type="text" name="email"/></p>
<p><strong>Password:</strong><br/>
<input type="password" name="password"/></p>
<p><strong>Age:</strong><br/>
<input type="number" name="age"/></p>
<p><strong>Gender:</strong><br/>
<input type="radio" name="gender" value="male">Male
<input type="radio" name="gender" value="female">Female<br>
<p><input type="submit" name="submit" value="Create Account"/></p>
</fieldset>
</form>
</body>
</html>
The reason for this is your if/else logic.
The first if checks if the connection failed and if it didn't, it goes to the query and there most likely already exists a record, so it goes to the else showing that the record exists.
You need to first check if a record exists, then run the INSERT if it does not exist.
I need to state that your code is open to SQL injection. Use a prepared statement. Plus, don't store plain text passwords, use a safe hashing method.
Here are a few references for you to read:
SQL injection
Prepared statements
How to use password_hash
Check if a record exists:
check if row exists with mysql
Error checking that will serve you well:
Error reporting
MySQLi error
Edit:
You could also place your PHP before your HTML and check to see if the submit button was clicked and then if any inputs are not empty, run the PHP/Query.
Example:
if(isset($_POST['submit'])) {
// Run your code
} else {
// Do something else
}
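The order this answer describes (do nothing until the form is submitted, look for an existing record, then INSERT with a prepared statement and a hashed password), as an added example that is not part of the original posts. It assumes the pdo_sqlite extension and uses a constructed in-memory `users` table and constructed requests so it runs on its own.

```php
<?php
// Added example, not code from the original posts. Assumes the pdo_sqlite
// extension; the `users` table and the sample requests are constructed.
declare(strict_types=1);

function make_users_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        email     TEXT PRIMARY KEY,
        firstname TEXT NOT NULL,
        pass_hash TEXT NOT NULL
    )');
    return $pdo;
}

/**
 * Returns null when the form has not been submitted (so the first page load
 * prints nothing), otherwise the message to show the user.
 */
function register_user(PDO $pdo, string $method, array $post): ?string
{
    if ($method !== 'POST' || !isset($post['submit'])) {
        return null;
    }
    // Accept only string fields; a missing or array-valued field becomes ''.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $email = trim($field('email'));
    $first = trim($field('firstname'));
    $pass  = $field('password');
    if ($first === '' || $pass === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Please fill in every field with a valid email address.';
    }

    // 1. Look for an existing record; the value is bound, not concatenated.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE email = :email');
    $check->execute([':email' => $email]);
    if ($check->fetchColumn() !== false) {
        return 'That email address is already in use, try again.';
    }

    // 2. Insert, storing a salted hash instead of the password itself.
    $insert = $pdo->prepare(
        'INSERT INTO users (email, firstname, pass_hash) VALUES (:email, :first, :hash)'
    );
    try {
        $insert->execute([
            ':email' => $email,
            ':first' => $first,
            ':hash'  => password_hash($pass, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // The PRIMARY KEY is the backstop if two requests race past step 1.
        if ($e->getCode() === '23000') {
            return 'That email address is already in use, try again.';
        }
        throw $e;
    }
    return 'Your account has been created.';
}

// Constructed requests: first page load, a signup, then the same signup again.
$pdo  = make_users_db();
$form = [
    'submit'    => 'Create Account',
    'firstname' => "Siobhan O'Brien",
    'email'     => 'siobhan@example.com',
    'password'  => 'correct horse battery staple',
];
var_dump(register_user($pdo, 'GET', []));
echo register_user($pdo, 'POST', $form), "\n";
echo register_user($pdo, 'POST', $form), "\n";
```

On a real page the call would be `register_user($pdo, $_SERVER['REQUEST_METHOD'], $_POST)`, with the returned message escaped before it is echoed into the HTML.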
<?php
session_start();
include("includes/db.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Login</title>
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/login.css">
</head>
<body>
<div class="container"><!-- container starts-->
<form class="form-login" action="" method="Post"><!-- form-login starts-->
<h2 class="form-login-heading"> Admin Login</h2>
<input type="text" class="form-control" name="admin_email" placeholder="Email Address" required>
<input type="password" class="form-control" name="admin_pass" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit" name="admin_login">
Log In
</button>
</form><!-- form-login ends-->
</div><!-- container ends-->
</body>
</html>
<?php
if(isset($_POST['admin_login']))
{
$admin_email=mysqli_real_escape_string($con,$_POST['admin_email']);
$admin_pass=mysqli_real_escape_string($con,$_POST['admin_pass']);
$get_admin="select * from admins where admin_email='$admin_email' AND admin_pass=' $admin_pass'";
$run_admin=mysqli_query($con,$get_admin);
$count=mysqli_num_rows($run_admin);
if($count==1){
$_SESSION['admin_email']=$admin_email;
echo"<script>alert('You are logged in into admin panel')</script>";
echo"<script>window.open('index.php?dashboard','_self')</script>";
}
else{
echo"<script>alert('Email Or password is wrong')</script>";
}
}
?>
I have a problem in my query. In my login panel, when I write the email and password which I have stored in my database, the if condition fails and the else portion of the code is run even if I use the same password and email which I stored in my database.
I've just noticed that your query:
$get_admin="select * from admins where admin_email='$admin_email' AND admin_pass=' $admin_pass'";
has a space before the $admin_pass variable is used.
Try adjusting this to:
$get_admin="select * from admins where admin_email='$admin_email' AND admin_pass='$admin_pass'";
There's a space in your query where you pass in the admin password:
"AND admin_pass=' $admin_pass'"
should be:
"AND admin_pass='$admin_pass'"
Rather than fixing this bug though you should make some more major changes:
Don't build queries by manually appending variables passed in by your users, otherwise you will be vulnerable to SQL injection attacks. You should be using prepared statements instead. See http://php.net/manual/en/mysqli.prepare.php. Although you are using mysqli_real_escape_string, which will help prevent SQL-I, it's quite error prone compared to using prepared statements.
Don't store passwords in a database, you should at a minimum store them encrypted but preferably store a password hash instead. php even has 2 functions which do this for you password_hash to generate hashes: http://php.net/manual/en/function.password-hash.php and password_verify to check them: http://php.net/manual/en/function.password-verify.php
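The two changes this answer recommends, a prepared statement for the lookup and password_hash/password_verify for the check, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension; the table and field names follow the question, while the seeded account and the login attempts are constructed.

```php
<?php
// Added example, not code from the original posts. Assumes the pdo_sqlite
// extension; the seeded admin account and the attempts below are constructed.
declare(strict_types=1);

function make_admin_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admins (admin_email TEXT PRIMARY KEY, admin_pass TEXT NOT NULL)');
    // Only the hash is stored; password_hash() generates and embeds the salt.
    $seed = $pdo->prepare('INSERT INTO admins (admin_email, admin_pass) VALUES (?, ?)');
    $seed->execute(['admin@example.com', password_hash('s3cret-Pass', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_admin_login(PDO $pdo, array $post): bool
{
    if (!isset($post['admin_login'])) {
        return false; // form not submitted
    }
    $email = $post['admin_email'] ?? null;
    $pass  = $post['admin_pass'] ?? null;
    if (!is_string($email) || !is_string($pass)) {
        return false;
    }

    // The email is bound as a parameter, so the SQL text contains no quoted
    // literal that could pick up a stray space or a user-supplied quote.
    $stmt = $pdo->prepare('SELECT admin_pass FROM admins WHERE admin_email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such account
    }

    // The password never appears in the query; it is checked against the hash.
    if (!password_verify($pass, $hash)) {
        return false;
    }

    // Upgrade the stored hash when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE admins SET admin_pass = ? WHERE admin_email = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $email]);
    }
    return true;
}

// Constructed login attempts.
$pdo = make_admin_db();
$attempts = [
    'correct credentials' => ['admin_login' => '', 'admin_email' => 'admin@example.com', 'admin_pass' => 's3cret-Pass'],
    'wrong password'      => ['admin_login' => '', 'admin_email' => 'admin@example.com', 'admin_pass' => 'guess'],
    'unknown email'       => ['admin_login' => '', 'admin_email' => 'nobody@example.com', 'admin_pass' => 's3cret-Pass'],
    'form not submitted'  => [],
];
foreach ($attempts as $label => $post) {
    printf("%-20s %s\n", $label, check_admin_login($pdo, $post) ? 'logged in' : 'rejected');
}
```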
I'm trying to create a registration page. The page is successfully connected to phpMyAdmin database but it does not echo anything when I click the register button.
<html>
<head>
</head>
<body>
<?php
INCLUDE "connect.php";
INCLUDE "functions.php";
INCLUDE "titlebar.php";
?>
<div id="loginform">
<h1>Register</h1>
<form name="Register" action="register.php" method="post">
<?php
if(isset($POST["submit"])){
$username = $_POST["username"];
$password = md5 ($_POST["password"]);
if(empty($username) or empty($password)){
echo "<p>Fields Empty!</p>";
} else {
mysql_query("INSERT INTO login VALUES('',$username','$password','2','')");
echo "<p>Successfully Registered!</p>";
}
}
?>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username"/></p><p>
<label for="password">Password: </label>
<input type="password" name="password" id="password"/></p><p>
<input type="submit" name="submit" value="Register" />
</p>
</form>
</div>
</body>
The problem is with the post method.
use $_POST instead of $POST
You have a MySQL error
Not: $username'
but '$username'
And next time display mysql errors with mysql_error().
At the beginning, I am not sure what isset($_POST['submit']) should return, but as already mentioned in the comments you missed a single quote.
Additionally I would use:
$password = password_hash($_POST['password'],
md5 is deprecated and thus not safe. If you write a login script you can use password_verify(plainPW, hashPW)
You also need to specify a database and login into it. I recommend to look at the W3 Schools examples they are very in-depth and have good examples.
W3 school mysqli page
Also write a die() at the end of your script and do not forget to close the connection.
I am new to PHP and am trying to do Server Side Form Validation. There are two PHP files Login.php and Form.php. Registration is done in Login.php and Validation in Form.php. The idea is that Form.php will process the form data sent by Login.php
My problem: even if form fields are empty, the variables are still being inserted into the database.
I don't want to insert if its empty. Rather, it has to route back to Login.php with error messages stored as a session variable.
I have checked the Form fields using !isset() and empty in Form.php using an if..else clause. In the if..else clause you can find out if the form fields are empty, and if so, they must go the session variable clause (inside the if condition). Instead, it is going to the else condition and inserting the empty values in variables ('$username','$password','$phone','$mailid','$city') in to the database.
I have read previous questions for similar problem here and even checked Youtube for Server Side Validation. What did I do wrong? Is there a problem with the use of session variables? Kindly assist.
Login.php:
<!Doctype HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href= "Form.css" />
<script src="Form.js" type="text/javascript"></script>
</head>
<body>
<?php
session_start();
$passworderr='';
if(isset($_SESSION["passworderr"])) {
$passworderr=$_SESSION["passworderr"];
}
?>
<div id="Outer">
<div id="left" >
<form action="/DatabaseDrivenWebpage/Form.php" method="POST" name="form">
<p><label>Username</label> <input type="text" name="regusername" placeholder="Your name"/> </p>
<p><label>Password</label> <input type="text" name="regpassword" placeholder="Password"/> </p>
<input type="Submit" value="Login" />
</form>
</div>
<div id="right">
<form action="/DatabaseDrivenWebpage/Form.php" method="POST" id="formm">
<p>*Username <input required name="username" type="text" /><?php //echo $usernameerr;?></p>
<p>*Password <input name="password" type="password" /> <?php echo $passworderr;?></p>
<p> *Phone <input name="phone" type="tel" /><?php //echo $phoneerr;?></p>
<p> *MailId <input name="mailid" type="email" /><?php //echo $mailiderr;?></p>
<p> *City <input name="city" type="text" /><?php //echo $cityerr;?></p>
<input type="Submit" value="Signup" />
</form></div></div></body></html>
Form.php:
<?php
session_start();
$dbservername='localhost';$dbname='mani';$dbusername='root';$dbpassword='';
$dbconn=mysqli_connect($dbservername,$dbusername,$dbpassword);
if(!$dbconn){
die("Connection failed:". mysqli_connect_error());
}
if(!isset($_POST["username"])) {
$_SESSION["usernameerr"]="UserName is required";
}
else{
$username=mysqli_real_escape_string($dbconn,$_POST["username"]);
}
if(!isset($_POST["password"])) {
$_SESSION["passworderr"]="Enter a password";
}
else{
$password=mysqli_real_escape_string($dbconn,$_POST["password"]);
}
if(!isset($_POST["phone"])) {
$_SESSION["phoneerr"]="Phone number is required";
}
else{
$phone=mysqli_real_escape_string($dbconn,$_POST["phone"]);
}
if(!isset($_POST["mailid"])) {
$_SESSION["mailiderr"]="Enter a valid mail id";
}
else{
$mailid=mysqli_real_escape_string($dbconn,$_POST["mailid"]);
}
if(!isset($_POST["city"])) {
$_SESSION["cityerr"]="Enter your resident city";
}
else{
$city=mysqli_real_escape_string($dbconn,$_POST["city"]);
}
$selected = mysqli_select_db($dbconn,"$dbname")
or die("Could not select examples".mysqli_error($dbconn));
if(isset($_POST["username"]) and isset($_POST["password"]) and isset($_POST["phone"]) and isset($_POST["mailid"]) and isset($_POST["city"]) )
{
$res=mysqli_query($dbconn,"Insert into user(username,password,phone,mailid,city) values('$username','$password','$phone','$mailid','$city')");
if($res)
{
header("location:Login.php");
}
}
else
{
print "Problem in inserting";
header("location:Login.php");
}
mysqli_close($dbconn);
?>
There are a bunch of ways to do this. A blank form field is present on the server side with an empty value. So in addition to checking if the variable is set, in your case you want to check if the value is non-empty.
One way to do that is to use the strlen function.
So an example for you is:
if(!isset($_POST["username"]) || strlen($_POST["username"]) == 0) {
NOTE: Do not use the empty function since the string "0" is considered 'empty'. Read the manual for other such cases.
You may want to consider using a helper function to do the determination. Basically something like this:
function DoesPostFormFieldHaveValue($formFieldName) {
return(
isset($_POST[$formFieldName])
&& strlen($_POST[$formFieldName]) > 0
);
}
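How the three checks discussed in this thread (isset, empty, strlen) classify the same submitted value, followed by a validator built on the helper idea above; this is an added example, not code from the original posts. The field names and messages follow the question's form, while the trim() rule, the is_string() guard and the sample requests are assumptions.

```php
<?php
// Added example, not code from the original posts. Field names follow the
// question's signup form; the trim() rule and sample requests are assumptions.
declare(strict_types=1);

/** How each of the three checks classifies one submitted field. */
function compare_checks(array $post, string $name): array
{
    return [
        'isset'      => isset($post[$name]),
        'not_empty'  => !empty($post[$name]),
        'has_length' => isset($post[$name]) && is_string($post[$name])
                        && strlen($post[$name]) > 0,
    ];
}

/** True only for a string field that still has characters after trimming. */
function field_has_value(array $post, string $name): bool
{
    return isset($post[$name])
        && is_string($post[$name])
        && strlen(trim($post[$name])) > 0;
}

/** Returns [field => message] for every required field that is missing or blank. */
function validate_signup(array $post): array
{
    $required = [
        'username' => 'UserName is required',
        'password' => 'Enter a password',
        'phone'    => 'Phone number is required',
        'mailid'   => 'Enter a valid mail id',
        'city'     => 'Enter your resident city',
    ];
    $errors = [];
    foreach ($required as $name => $message) {
        if (!field_has_value($post, $name)) {
            $errors[$name] = $message;
        }
    }
    return $errors;
}

// Constructed requests. A browser sends every text input of a submitted form,
// so an untouched form arrives as keys that are set but hold empty strings.
$blank  = ['username' => '', 'password' => '', 'phone' => '', 'mailid' => '', 'city' => ''];
$filled = ['username' => '0', 'password' => 'pw', 'phone' => '5550100',
           'mailid' => 'a@example.com', 'city' => 'Pune'];
$spaces = ['username' => '   '] + $filled;

foreach (['blank form' => $blank, 'username "0"' => $filled, 'username spaces' => $spaces] as $label => $post) {
    echo $label, "\n";
    echo '  username checks: ', json_encode(compare_checks($post, 'username')), "\n";
    echo '  errors:          ', json_encode(validate_signup($post)), "\n";
}
```

In Form.php the INSERT would run only when `validate_signup($_POST)` returns an empty array; otherwise the array goes into the session and the script redirects back to Login.php.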
First of all, session_start should always be the first line of the php page you need to use sessions on.
Also, I'm not sure why you are using so many session variables for storing errors. Instead of this, use a single session variable, declare it as array and store all the errors in it.
Here's your updated form :-
<?php
session_start();
if((isset($_SESSION['errors']))) //check if we have errors set by the form.php page
{
echo "Please fix the following errors";
foreach($_SESSION['errors'] as $error) //loop through the array
{
echo $error;
}
}
?>
<!Doctype HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href= "Form.css" />
<script src="Form.js" type="text/javascript"></script>
</head>
<body>
<div id="Outer">
<div id="left" >
<form action="/DatabaseDrivenWebpage/Form.php" method="POST" name="form">
<p><label>Username</label> <input type="text" name="regusername" placeholder="Your name"/> </p>
<p><label>Password</label> <input type="text" name="regpassword" placeholder="Password"/> </p>
<input type="Submit" value="Login" />
</form>
</div>
<div id="right">
<form action="/DatabaseDrivenWebpage/Form.php" method="POST" id="formm">
<p>*Username <input required name="username" type="text" /><?php //echo $usernameerr;?></p>
<p>*Password <input name="password" type="password" /> <?php echo $passworderr;?></p>
<p> *Phone <input name="phone" type="tel" /><?php //echo $phoneerr;?></p>
<p> *MailId <input name="mailid" type="email" /><?php //echo $mailiderr;?></p>
<p> *City <input name="city" type="text" /><?php //echo $cityerr;?></p>
<input type="Submit" value="Signup" />
</form></div></div></body></html>
Backend processing file :-
<?php
session_start();
$_SESSION['errors'] = array(); //declare an array
$dbservername='localhost';$dbname='mani';$dbusername='root';$dbpassword='';
$dbconn=mysqli_connect($dbservername,$dbusername,$dbpassword);
if(!$dbconn){
die("Connection failed:". mysqli_connect_error());
}
if((!isset($_POST["username"])) || (empty($_POST['username']))) {
$_SESSION["errors"][]="UserName is required"; //push error message to array if $_POST['username'] is empty or is not set
}
else{
$username=mysqli_real_escape_string($dbconn,$_POST["username"]);
}
if((!isset($_POST["password"])) || (empty($_POST['password']))) {
$_SESSION["errors"][]="Enter a password";
}
else{
$password=mysqli_real_escape_string($dbconn,$_POST["password"]);
}
if((!isset($_POST["phone"])) || (empty($_POST['phone']))) {
$_SESSION["errors"][]="Phone number is required";
}
else{
$phone=mysqli_real_escape_string($dbconn,$_POST["phone"]);
}
if((!isset($_POST["mailid"])) || (empty($_POST['mailid']))) {
$_SESSION["errors"][]="Enter a valid mail id";
}
else{
$mailid=mysqli_real_escape_string($dbconn,$_POST["mailid"]);
}
if((!isset($_POST["city"])) || (empty($_POST['city']))) {
$_SESSION["errors"][]="Enter your resident city";
}
else{
$city=mysqli_real_escape_string($dbconn,$_POST["city"]);
}
$selected = mysqli_select_db($dbconn,"$dbname")
or die("Could not select examples".mysqli_error($dbconn));
if(count($_SESSION['errors']) < 1) //check if the $_SESSION['errors'] count is less than 1 (0), this means there are no errors.
{
$res=mysqli_query($dbconn,"Insert into user(username,password,phone,mailid,city) values('$username','$password','$phone','$mailid','$city')");
if($res)
{
header("location:Login.php");
}
}
else
{
print "Problem in inserting";
header("location:Login.php");
}
mysqli_close($dbconn);
?>
The thing about isset is that it checks if the variable exists, and therefore allows variables that contain an empty string, like you have. When the current form is submitted without any user input, it is submitting a whole bunch of variables containing empty strings.
Now the solution is to change all your isset() to empty() and that should solve your problem!
[Note] There is no need to use both isset() and empty() like this:
if(!isset($_POST['fieldname']) && !empty($_POST['fieldname']))
because empty() is doing everything that isset() does.
check like this:
if(!isset($_POST["username"]) && $_POST["username"]!="")
Your PHP code is checking for isset only, I don't see any empty check. isset will be always true in your case to either of the forms, as the form fields are submitting - just the values are blank.
To prevent empty insertions, add a !empty check to your conditions. Your conditional statements should look like this -
if(!isset($_POST['fieldname']) && !empty($_POST['fieldname']))
First of all, a little advice. If you want to start a new project, I would advise you to learn how to use PDO connection to MySQL Databases, and not MySQLi. As PDO is much better method, and secured (especially when using prepared statements).
Anyway, as I can see you are storing the errors in multiple $_SESSION variables, but after you are finishing the validation checks, you are not doing a correct if statement.
Instead of doing that:
if(isset($_POST["username"]) and isset($_POST["password"]) and isset($_POST["phone"]) and isset($_POST["mailid"]) and isset($_POST["city"]) )
Do something like this:
if(!isset($_SESSION['usernameerr']) && !isset($_SESSION['passworderr']) && !isset($_SESSION['phoneerr']) && !isset($_SESSION['mailiderr']) && !isset($_SESSION['cityerr']))
Should work.
Another thing I'm advising is to unset the sessions of the errors, in your case I would do that in the end of the Login.php page. Just in case, so there won't be any problems if you fix the form inputs and submit it again.
Another thing, based on the unset idea. If you will do this, it would be a much cleaner way to change the setting of the error sessions instead of:
$_SESSION['cityerr']
to:
$_SESSION['errors']['cityerr']
So afterwards, you can clean the specific form error session in one command, like that:
unset($_SESSION['errors']);
Hope it helped ;)
if(isset($_POST['field_name']))
{
$field_name=$_POST['field_name'];
}else
{
unset($_POST['field_name']);
}
I've written some html code, and once I tried to place some PHP inside it, anything below this sign ?> wouldn't appear!!! I have some pictures and text that wouldn't appear unless I place it above. I'm writing with Bootstrap 2.3 and phpMyAdmin 4.10. all languages. Thank you for your time in advance.
Here is my code so far:
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.css">
<link type="text/css" rel="stylesheet" href="bootstrap/css/myStyle.css">
<title>OJRA - Registration</title>
</head>
<body>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username</h6>
<input type="text" name="username" placeholder="Your Username">
<h6>Password</h6>
<input type="password" name="usrPassowrd" placeholder="Your password">
<h6>Email</h6>
<input type="email" name="usrEmail" placeholder="Your Email"><br>
<input class = "btn btn-default" type="submit" value = "Register">
</form>
</div>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username:</h6> <input type="text" name="username" placeholder="Your username">
<h6>Password:</h6> <input type="password" name="usrPassowrd" placeholder="Your password">
<input class = "btn btn-default" type="submit" value="Sign in">
</form>
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
$username = $_POST['username'];
if($username == "")
{
die("cannot go empty");
header("location:index.php");
exit;
}
$password = $_POST['usrPassword'];
$email = $_POST['usrEmail'];
$query = "insert into tz_members values('$username', '$password', '$email')";
mysql_query($query) or die(mysql_error());
?>
</div>
<img src="sexymotivation.jpg" style="margin-top:-800px; margin-right:10px;" class="pull-right">
</body>
</html>
A few things have already been outlined (as answers) that do make sense, however I spotted a few typos in your inputs that will prevent your form from working, plus a few other points.
Here are a few of my recommendations:
First, this (in 2 instances) has a typo in it name="usrPassowrd" which should read as name="usrPassword" to go with your existing $password = $_POST['usrPassword'];
As I stated in my original comments:
Comment #1: die("cannot go empty"); header("location:index.php"); exit; Your header won't do anything, because it DIE()'d and that will cease to go any further.
Comment #2: What I suspect is going on is, because you've got your entire code inside one big clump, and that if certain conditions aren't met... it still wants to keep going. Now, I suggest that you put a conditional statement wrapped around your PHP....
such as if(isset($_POST['submit'])){ // PHP } then add this to your submit button name="submit" --- I also suggest you split up your form and your PHP/SQL altogether and make it submit to another page instead, with the same conditional statement I've already outlined.
If you absolutely want to execute everything in one page, try the following:
Note: I borrowed the img src from user3009875's answer also.
(Rewrite)
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.css">
<link type="text/css" rel="stylesheet" href="bootstrap/css/myStyle.css">
<title>OJRA - Registration</title>
</head>
<body>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username</h6>
<input type="text" name="username" placeholder="Your Username">
<h6>Password</h6>
<input type="password" name="usrPassword" placeholder="Your password">
<h6>Email</h6>
<input type="email" name="usrEmail" placeholder="Your Email"><br>
<input class = "btn btn-default" type="submit" value = "Register">
</form>
</div>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username:</h6> <input type="text" name="username" placeholder="Your username">
<h6>Password:</h6> <input type="password" name="usrPassword" placeholder="Your password">
<input class = "btn btn-default" name="submit" type="submit" value="Sign in">
</form>
<?php
// this below, will prevent a premature execution of code
if(isset($_POST['submit'])){
define('INCLUDE_CHECK',true);
require 'connect.php';
$username = $_POST['username'];
if($username == "")
{
die("cannot go empty");
// header("location:index.php"); // commented out
exit;
}
$password = $_POST['usrPassword'];
$email = $_POST['usrEmail'];
$query = "insert into tz_members values('$username', '$password', '$email')";
mysql_query($query) or die(mysql_error());
} // end brace for if(isset($_POST['submit']))
?>
</div>
<!-- commented out original img src -->
<!--
<img src="sexymotivation.jpg" style="margin-top:-800px; margin-right:10px;" class="pull-right">
-->
<!-- new img src by user3009875 in an answer given -->
<img src="sexymotivation.jpg" style="margin-top:100px; margin-right:10px;" class="pull-right">
</body>
</html>
You can't use header() there to perform a redirection because you've already outputted some HTML and PHP has flushed HTTP headers.
The reason that <img> disappeared is probably that you called die(). This function terminates the whole page at once.
If you see cannot go empty, you should check the form to make sure you posted username field. If you see some error message about MYSQL, it is mysql_query($query) that fails.
By the way, your code has a SQL Injection problem.
It doesn't load below ?> because the script fails. This is common behaviour when there is a bug.
Check tail -f /var/log/apache2/error.log on linux (terminal)
Check tail -f /var/log/apache2/error_log on Mac (terminal)
windows -> I have no idea... somewhere in C:\\
At this point:
die("cannot go empty");
you stop the script. The following PHP code will not be executed and the HTML will not be sent to the user.
It's possible that there is an error when executing your PHP code, that would prevent it from going through the rest of the file.
Using your browser's Developer Tools, check the contents of the HTML that was returned, it's possible that the last line could be an error message. If you have error_reporting off then it would write to your error log only.
/var/log/apache2/error.log is a common location for the error log file if you are using Apache on a Linux machine.
As a side note, that code you have is very dangerous, do not use data sent from the client directly in a SQL statement, you need to sanitize otherwise you make your web app vulnerable to SQL injection.
Consider using a prepared statement
http://php.net/manual/en/pdo.prepare.php
Try:
<img src="sexymotivation.jpg" style="margin-top:100px; margin-right:10px;" class="pull-right">
I think setting the top margin to -800px will cause it to disappear from the screen.
Also, make sure your image is of .jpg.