www.webdeveloper.com
Results 1 to 8 of 8

Thread: PHP and SQL login script help

  1. #1
    Join Date
    Apr 2014
    Posts
    36

    PHP and SQL login script help

    Hey guys hope your all well!

    I just need some help on my login script I found some simple script and I'm getting the following error message now when I try and get users to log in


    Notice: Undefined index: user in C:\xampp\htdocs\login.php on line 7
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' where username = '' and password = 'password'' at line 1

    This is the Login.php script

    Code:
    <?php
    // checkLogin.php
    
    session_start(); // Start a new session
    require('config.php'); // Holds all of our database connection information
    // Get the data passed from the form
    $username = $_POST['user'];
    $password = $_POST['password'];
    
    // Do some basic sanitizing
    $username = stripslashes($username);
    $password = stripslashes($password);
    
    $sql = "select * from 'users' where username = '$username' and password = '$password'";
    
    $result = mysql_query($sql) or die ( mysql_error() );
    $count = 0;
    while ($line = mysql_fetch_assoc($result)) {
    
         $count++;
    	 }
    if ($count == 1) {
    
         $_SESSION['loggedIn'] = "true";
    
         header("Location: loginSuccess.php"); // This is wherever you want to redirect the user to
    
    } else {
    
         $_SESSION['loggedIn'] = "false";
    
         header("Location: loginFailed.php"); // Wherever you want the user to go when they fail the login
    
    }
    
     ?>
    This is the config.php code

    Code:
    <?php 
    
    $connection = mysqli_connect("localhost","root","","registration");
    
    // Check connection
    if (mysqli_connect_errno())
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      }
    
    //mysqli_close($connection);
    ?>
    Hope someone can help me out with this

    Thanks

    Rich

  2. #2
    Join Date
    Mar 2005
    Location
    Behind you...
    Posts
    986
    You don't put quotes around table names or field names in MySQL. Try this:
    PHP Code:
    $sql "select * from users where username = '$username' and password = '$password'"
    Also, I'll go ahead and get my 'nb4' as you should know mysql_query() disapproval is coming.
    The original mysql methods in PHP are old and outdated. They are less secure than newer methods that were later implemented and actually they are no longer supported in the most recent version of PHP (5.5 at the time of this post).

    So it's recommended you switch to mysqli methods or PDO.
    "Given billions of tries, could a spilled bottle of ink ever fall into the words of Shakespeare?"

  3. #3
    Join Date
    Apr 2014
    Posts
    36
    Quote Originally Posted by Sup3rkirby View Post
    You don't put quotes around table names or field names in MySQL. Try this:
    PHP Code:
    $sql "select * from users where username = '$username' and password = '$password'"
    Also, I'll go ahead and get my 'nb4' as you should know mysql_query() disapproval is coming.
    The original mysql methods in PHP are old and outdated. They are less secure than newer methods that were later implemented and actually they are no longer supported in the most recent version of PHP (5.5 at the time of this post).

    So it's recommended you switch to mysqli methods or PDO.
    Hey Sup3rkirby. Yeah I forgot all about changing sql to sqli that I have done. When I click on the submit button I'm now getting the following error message (sorry to be such apain!)


    Notice: Undefined index: user in C:\xampp\htdocs\login.php on line 7

    Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\xampp\htdocs\login.php on line 16

    Any help would be brilliant

    Rich

  4. #4
    Join Date
    Mar 2005
    Location
    Behind you...
    Posts
    986
    If you only added the 'i' to make your code a mysqli_query() command it won't work. In terms of command names there is obviously just a 1 character difference (for most commands), but the functions themselves are not identical.

    You must also pass the connection with the mysqli_query() command. Here's a simple example: http://www.w3schools.com/php/func_mysqli_query.asp
    So make sure you adjust all of your mysql related code accordingly.
    "Given billions of tries, could a spilled bottle of ink ever fall into the words of Shakespeare?"

  5. #5
    Join Date
    Feb 2014
    Location
    Canada
    Posts
    155
    In regards to your notice at line 7, check your HTML form to make sure there is actually a field with an attribute of name = "user". Also, you might want to first check whether your $_POST variable have something in them to avoid these kinds of notices, such as:

    PHP Code:
    $username "";
    $password "";
    if((isset(
    $_POST['user'])) && (isset($_POST['password']))) {
         
    $username $_POST['user'];
         
    $password $_POST['password'];
    } else {
        
    // do something when not all of the fields were entered
    }
    // sanitize your variables as you were doing 

  6. #6
    Join Date
    Apr 2014
    Posts
    36
    hey guys still having problems with my code sorry to be such a pain!

    Code:
    <?php
    // checkLogin.php
    
    session_start(); // Start a new session
    require('config.php'); // Holds all of our database connection information
    // Get the data passed from the form
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    // Do some basic sanitizing
    $username = stripslashes($username);
    $password = stripslashes($password);
    
    $sqli = "select * from 'users' where username = '$username' and password = '$password'";
    
    $result = mysqli_query($sqli) or die ( mysqli_error() );
    $count = 0;
    while ($line = mysqli_fetch_assoc($result)) {
    
         $count++;
    	 }
    if ($count == 1) {
    
         $_SESSION['loggedIn'] = "true";
    
         header("Location: loginSuccess.php"); // This is wherever you want to redirect the user to
    
    } else {
    
         $_SESSION['loggedIn'] = "false";
    
         header("Location: loginFailed.php"); // Wherever you want the user to go when they fail the login
    
    }
    
     ?>
    this is the error message that I'm getting....


    Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\login.php on line 16

    Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\xampp\htdocs\login.php on line 16

  7. #7
    Join Date
    Mar 2005
    Location
    Behind you...
    Posts
    986
    You still haven't fixed the issue I noted in my last post. the mysqli_query() function does not work exactly like the mysql_query() function. You must pass a connection object as well as the query, where as you are only passing the query. Again, here is a link to an example and explaination of mysqli_query(): http://www.w3schools.com/php/func_mysqli_query.asp

    In your config.php file you need to make a mysqli connection and store it in a variable, like so:
    Code:
    $con = mysqli_connect("SERVER ADDRESS", "USERNAME", "PASSWORD", "DATABASE NAME");
    Also be sure to check for a failed connection (the link earlier in this post shows an example of that).
    Once you have the connection stored you must add it to your mysqli_query() function as the first parameter.
    Code:
    $result = mysqli_query($con, $sqli) or die (mysqli_error());

    And just as a general note, again, mysqli functions are not exactly the same as mysql. Anywhere in your code where you were once using mysql functions and have updated, please make sure you properly update all of the functions as some of them require different parameters (as was the case here).
    "Given billions of tries, could a spilled bottle of ink ever fall into the words of Shakespeare?"

  8. #8
    Join Date
    Apr 2014
    Posts
    36
    Quote Originally Posted by Sup3rkirby View Post
    You still haven't fixed the issue I noted in my last post. the mysqli_query() function does not work exactly like the mysql_query() function. You must pass a connection object as well as the query, where as you are only passing the query. Again, here is a link to an example and explaination of mysqli_query(): http://www.w3schools.com/php/func_mysqli_query.asp

    In your config.php file you need to make a mysqli connection and store it in a variable, like so:
    Code:
    $con = mysqli_connect("SERVER ADDRESS", "USERNAME", "PASSWORD", "DATABASE NAME");
    Also be sure to check for a failed connection (the link earlier in this post shows an example of that).
    Once you have the connection stored you must add it to your mysqli_query() function as the first parameter.
    Code:
    $result = mysqli_query($con, $sqli) or die (mysqli_error());

    And just as a general note, again, mysqli functions are not exactly the same as mysql. Anywhere in your code where you were once using mysql functions and have updated, please make sure you properly update all of the functions as some of them require different parameters (as was the case here).
    hey sorry i didn't see your reply, the connection string is ok and is working fine due to me having a fully working register page. I will have a look at the other things that you have suggested tomorrow and i will let you know how i get on

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles