I have no idea what's going on. I usually have simple sign in pages like this done very quickly but this one isn't working and I cannot spot the error.
<?php
$con=mysql_connect("db_server","db_user","db_pass","db");
if (!$con)
{
echo "Failed to connect to MySQL: " . mysql_error();
}
$username = $_GET['username'];
$password = $_GET['password'];
$query="SELECT username FROM users ";
//$query.="WHERE `username`=".$username;
//$query.=" AND `password`=".$password;
echo "query=".$query."<br/>";
$result = mysql_query($query, $con);
echo "result=".$result."<br/>";
if($result){
$row = mysql_fetch_assoc($result);
$data = $row['username'];
echo "data=".$data;
}else{
echo "something went wrong:".mysql_error();
}
mysql_close($con);
?>
im using mysql_* instead of mysqli_* as the server im running it on is 5.2; not sure if that is relevant but I was getting an unrecognized function error originally.
There is only one entry in the database. As I said, I use the regular SQL code through phpmyadmin and i get the results i need.
Also not sure if relevant. I'm echoing $result and nothing comes out. Isnt it supposed to echo "false"?
You have a major error in your logic, for one. If there is an error connecting to MySQL, you print the error, but yet proceed to query the broken connection - you are also not selecting a database.
Also, this approach is for PHP4. Unless you are stuck in PHP4 on this project, moving into the PHP5 world would be a good idea.
I recommend looking into PDO:
http://www.php.net/manual/en/book.pdo.php
As for not getting errors, check your error_reporting and display_errors settings in your .ini
Try this one.
<?php
$con=mysql_connect("db_server","db_user","db_pass");
mysql_select_db("db");
if (!$con)
{
echo "Failed to connect to MySQL: " . mysql_error();
}
$username = $_GET['username'];
$password = $_GET['password'];
$query=mysql_query("SELECT username FROM users");
if($query){
$row = mysql_fetch_assoc($query);
$data = $row['username'];
echo $data;
}else{
echo "something went wrong:".mysql_error();
}
mysql_close($con);
?>
Related
for some reason my login script in php keeps returning invalid results, I'm using PHPMYADMIN to handle the database and mysqli to connect however whenever I submit the data though a HTML form the values always return false even if the correct username and password combo is working.
<?php
$username = $_POST["username"];
$password = $_POST["password"];
$con = mysql_connect("localhost","cnathanielwcol","","login");
if(! $con){die('Connection Failed'.mysql_error());}
$result = mysqli_query("SELECT * FROM login");
$row = mysql_fetch_array($result);
var_dump($row);
if ($row["username"]==$username) {
echo "Correct Username<br>";
} else {
echo "Wrong Username<br>";
}
if ($row["password"]==$password) {
echo "Correct Password<br>";
} else {
echo "Wrong Password<br>";
}
echo "<br><br>Username Submited Via HTML: <b>" . $username . "</b>";
echo "<br>Password Submited Via HTML: <b>" . $password . "</b>";
?>
MySQL is deprecated from new version of PHP use
$con = mysqli_connect("localhost","cnathanielwcol","FKxIHHoWWtd4Q","login");
Firstly, you need to select a single row, not all the rows in your table, you'd do that by specifying a WHERE clause, currently, you are trying to compare an array of values to a string which should be throwing an error if error reporting is enabled.
Secondly, you are mixing to different APIs, mysql_* is not mysqli_*.
Thirdly, it doesn't seems as though you are hashing your passwords, please, do so.
Fourthly, make use of prepared statements, it seems as though you are still learning so it would be best to start using them now.
Reading Material
OWASP's Password Storage Cheat Sheet
OWASP's PHP Security Cheat Sheet
Could you use mysqli_* please? You might be having a problem with your html form maybe
Change
$con = mysql_connect("localhost","cnathanielwcol","FKxIHHoWWtd4Q","login");
With
$con = mysqli_connect("localhost","cnathanielwcol","FKxIHHoWWtd4Q","login");
Your are trying to fetch the data with mysqli and your database connection is established by mysql
your full code:
$username = $_POST["username"];
$password = $_POST["password"];
$con = mysqli_connect("localhost","cnathanielwcol","","login") or die('connection is not establised'.mysqli_error($con));
$result = mysqli_query($con,"SELECT * FROM login WHERE username='$username' AND password='$password'");
$rowCheck=mysqli_num_rows($result);
if ($rowCheck>0) {
// fetch all data
//start session
echo "you are logged in ";
}
else{
echo 'username or password did not match';
}
Use hash password.your code is not safe.
GYZ i dont know why data is not inserting in my data base #Mysql
. infact im using mysqli_connect and mysql_connect both ,I'm still facing same prob ..this is my code:
<?php
$servername = 'localhost';
$username = 'root';
$password = '';
$db='school';
#mysqli_connect($servername, $username, $password);
#mysqli_select_db($db); //or die ('not Connect to db ');
if(isset($_GET['submit'])) {
$sid= $_GET['sid'];
$sname= $_GET['sname'];
$fname= $_GET['fname'];
$order= #mysqli_query("insert into school (sid,sname,fname) values ('$sid','$sname','$fname');");
if ($order) {
echo '<br>Input data is successful';
} else {
echo '<br>Input data is not valid';
}
} ?>
I revisited the question and posted the following, seeing that nobody posted one.
You didn't pass the db connection to mysqli_select_db() nor for mysqli_query() and need to assign a variable to the connection first.
Both of those require it in mysqli_ and you may have been accustomed to mysql_ in the past. MySQLi_ is different than MySQL_ when it comes to certain functions that needs a connection.
Sidenote: The # symbol is an error suppressor. Remove it during testing/development.
Another sidenote: Both your database and table bear the same name of school. Make sure that this is correct.
<?php
$servername = 'localhost';
$username = 'root';
$password = '';
$db='school';
$connect = mysqli_connect($servername, $username, $password, $db);
if($connect){
echo "Connected";
}
else {
echo "Error: " . mysqli_error($connect);
}
// This isn't needed. You can pass all 4 parameters in one shot.
// $database = mysqli_select_db($connect, $db); //or die ('not Connect to db ');
if(isset($_GET['submit'])) {
$sid= $_GET['sid'];
$sname= $_GET['sname'];
$fname= $_GET['fname'];
$order= mysqli_query($connect, "INSERT INTO school (sid,sname,fname) VALUES ('$sid','$sname','$fname');");
if ($order) {
echo '<br>Input data is successful.';
} else {
// Uncomment the one below once everything is ok.
// echo '<br>Input data is not valid.';
// Comment this below once there are no errors.
echo "There was an error: " . mysqli_error($connect);
}
}
References:
http://php.net/manual/en/function.mysqli-connect.php
http://php.net/manual/en/mysqli.select-db.php
http://php.net/manual/en/mysqli.query.php
Check for errors also via PHP and the query:
http://php.net/manual/en/mysqli.error.php
http://php.net/manual/en/function.error-reporting.php
And make sure you're running this off a webserver, or if local that PHP/MySQL are installed, running properly and using http://localhost as opposed to file:///.
Your code is also open to an SQL injection, use a prepared statement.
References:
https://en.wikipedia.org/wiki/SQL_injection
https://en.wikipedia.org/wiki/Prepared_statement
Footnotes:
You seem to want to use this in a table. <form> cannot be child of <table> if you are using those tags outside of the form which wasn't posted in your question; there are stray <td></td> tags.
hi guys thanks if you can tell me what error i need help guys thanks for help me
<?php
$servername = "localhost"; $username = "root"; $password = "";
$dbname = "kurd";
mysql_connect("localhost","root","","kurd") or die ("not connect data base");
mysql_select_db("kurd") or die ("no found table");
if(isset($_POST['submit'])){
$name = $_POST['name'];$lastname = $_POST['lastname'];
$password =_POST['password'];
$query =" INSERT INTO kurdstan (name,lastname,password) VALUES ('$name','$lastname','$password')";
if(mysql_query($query)){
echo "<h3>THANKS FOR INSERT DATA GOOD LUCK</h3>";
}
}
?>
In your code add an else to,
if(mysql_query($query)){
echo "<h3>THANKS FOR INSERT DATA GOOD LUCK</h3>";
}
resulting in,
if(mysql_query($query)){
echo "<h3>THANKS FOR INSERT DATA GOOD LUCK</h3>";
}
else {
echo 'MYSQL Error: ' . mysql_error();
}
and you will probably see an error instead of your message which should help you to track down the problem.
NOTE
The mysql extension is now depreciated, you should use mysqli http://php.net/manual/en/book.mysqli.php or PDO http://php.net/manual/en/book.pdo.php. You should also read up on SQL injection - your data needs escaping before being used in a query string.
I have an assignment where I have to make a registration page in php.... I just want to keep things simple so making the form work is all I'm aiming for. I am aware of the vulnerability of sql injections/plaintext, but that's the last of my worries for now since it's a class assignment.
The script below works as far as inserting new users/passwords, but if there's an existing user, the page is blank and doesn't give a warning. I'm looking for help in giving the error "Sorry, this user already exists" shown on the screen (or something).
Thanks :D.
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', '////////');
define('DB_USER','/////////');
define('DB_PASSWORD','///////////');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
function NewUser() { $userName = $_POST['user']; $password = $_POST['pass']; $query = "INSERT INTO UserName (userName,pass) VALUES ('$userName','$password')"; $data = mysql_query ($query)or die(mysql_error()); if($data) { echo "YOUR REGISTRATION IS COMPLETED..."; } } function SignUp() { if(!empty($_POST['user'])) {
$query = mysql_query("SELECT * FROM UserName WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
if(!$row = mysql_fetch_array($query)))
{ newuser(); }
else { echo "SORRY...YOU ARE ALREADY REGISTERED USER..."; } } } if(isset($_POST['submit'])) { SignUp(); } ?>
First, Its really important check your php_error_log or Add error reporting into the TOP of your file.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
There is an extra closing parenthesis and you are calling an undefined function.
Assuming these are the errors, fix then with:
if(!$row = mysql_fetch_array($query)) {
NewUser();
}
else {
echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
}
Also, consider using mysqli with prepared statements, or PDO with prepared statements, they're much safer.
Hope it helps you.
Thanks to #bcesars for the extra parenthesis fix. I thought there was something odd with the count.
After, I came up with a problem where the "This user already exists" error pops up ONLY if the user and pass matches the same one in the database. If I use a different password, the info is still inserted into the database.
Solution:
Remove
AND pass = '$_POST[pass]'
from
$query = mysql_query("SELECT * FROM UserName WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
So far it works. I'm still new into this whole database/php thing so thanks for bearing with me ♥
<?php
function redirect_to_index_with_error(){
echo '<meta http-equiv="refresh" content="0;url=index.php">';
}
function go_to_home(){
echo '<meta http-equiv="refresh" content="0;url=home.php">';
}
$email = mysql_real_escape_string($_POST['username']); echo $email;
$pwd = mysql_real_escape_string($_POST['password']);
echo $pwd;
$query = "SELECT * FROM users WHERE email='$email' AND password=MD5('$pwd')";
echo "query variable created.";
mysql_connect("localhost","root","") or die(mysql_error());
echo "connected."; //nothing
mysql_select_db("mcp") or die(mysql_error());
$results = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($results) == 0){
redirect_to_index_with_error();
exit();
}
$userID = null;
$name = null;
$school = null;
$mod = null;
while($user = mysql_fetch_array($results)){
$userID = $user['ID'];
$name = $user['Name'];
$school = $user['School'];
if($user['Mod'] == '1')
$mod = true;
else
$mod = false;
}
if(!isset($_SESSION))
session_start();
//set session variables
$_SESSION["userID"] = $userID;
$_SESSION["name"] = $name;
$_SESSION["school"] = $school;
$_SESSION["mod?"] = $mod;
go_to_home();
exit();
?>
PHP echos everything up until "connected". It's not even showing a mysql error. I've had this code work flawlessly on Windows with WAMP, but not on Mac with MAMP. I've verified that the servers are running, so I can't tell what the problem is. I'm using PHP 5.3.6.
Your connection needs to be established before you call mysql_real_escape_string()
So move mysql_connect("localhost","root","") or die(mysql_error()); to the top.
Move the mysql_connect() statement above everything else.
// put this at the TOP
mysql_connect("localhost:3306","root","") or die(mysql_error());
Just as everyone else mentioned, see this note:
http://php.net/mysql_real_escape_string#refsect1-function.mysql-real-escape-string-notes
Also, you should see errors, in development, at least.
See: error_reporting()
you have to call mysql_real_escape_string() after connect.
otherwise this function returns an empty string and your query fails.
though it raises an error but it seems you haven't seen that.
So, you ought to either turn displaying errors on or peek error logs - it's impossible to program without ability to see error messages
Also, you have to improve your formal logic.
To make a statement like "PHP seems to be refusing to connect to MySQL" youi have to verify it first. Connect is just a single line and returns a value.
You can verify this value and make a certain conclusion.
But running whole code of several dozens of lines and making statements about just one makes no sense.