Submit code

[honeybee]

Hello to all,

What is the php code for a submit button. The process is like, when we click the submit button, you need to create an entry in the database and then display on the screen as Welcome user.....

I have searched the code and found that even if there are no fields and then click on submit button, i am getting Welcome.

 

Example: UserName= "asdf"

It should come as Welcome asdf on the html page

 

Problem is that.

Username= " "

I get Welcome without giving the name.....

 

Can you provide me a solution/\?

[trq]

A simple example....

 

<form method="post">
  <input type="text" name="username">
  <input type="submit" name="submit">
</form>
<?php

if (isset($_POST['submit']) && !empty($_POST['username'])) {
  echo "Welcome {$_POST['username']}";
}

?>

[honeybee]

<?php

 

 

$con = mysql_connect("localhost","root","");

if(!$con)

{

die('not able to connect: ' . mysql_error());

}

 

$usr = $_POST['usr'];

$pass = $_POST['pswd'];

 

 

mysql_select_db("form1", $con);

 

$query=mysql_query("SELECT pswd FROM form1 WHERE usr = '$usr'");

$query_row=mysql_fetch_array($query);

$query1=$query_row['pswd'];

 

if($pass == $query1)

{

echo "welcome $usr";

}

else

{

echo "You are not a valid user. Please re-login again.";

echo "<br>";

echo "<a href='./login.php'>Click here</a> to login.";

}

 

mysql_close($con);

 

?>

 

 

 

What is wrong with this???? I tried this and it is not working.

[trq]

A few things. Firstly, you can check a user is valid by using both there username and password in your query. Secondly, you are not sanitising your user submitted data, this can be very dangerous. Thirdly, you don't check to see if your form has actually been submitted to this script. And lastly, you never check your query succeeds before attempting to use any results. Again, this can be dengerous.

 

<?php

if (isset($_POST['submit'])) {
  mysql_connect("localhost","root","") or die('not able to connect: ' . mysql_error());
  mysql_select_db("form1");

  $usr = mysql_real_escape_string($_POST['usr']);
  $pass = mysql_real_escape_string($_POST['pswd']);

  $sql = "SELECT pswd FROM form1 WHERE usr = '$usr' && pass = '$pass'";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      echo "welcome $usr";
    } else {
     echo "You are not a valid user. Please re-login again.";
     echo "<br>";
     echo "<a href='./login.php'>Click here</a> to login.";
    }
  }
}

?>

 

Now, are you sure your passwords aren't hashed? They should be. Maybe thats why your not finding any results.

[honeybee]

<html>

<head>

<title>

Welcome!!!

</title>

</head>

 

<body>

 

<?php

 

if (isset($_POST['submit'])) {

  mysql_connect("localhost","root","") or die('not able to connect: ' . mysql_error());

  mysql_select_db("form1");

 

  $usr = mysql_real_escape_string($_POST['usr']);

  $pass = mysql_real_escape_string($_POST['pswd']);

 

  $sql = "SELECT pswd FROM form1 WHERE usr = '$user' && pass = '$pswd'";

  if ($result = mysql_query($sql)) {

    if (mysql_num_rows($result)) {

      echo "welcome $user";

    } else {

    echo "You are not a valid user. Please re-login again.";

    echo "<br>";

    echo "<a href='./index.php'>Click here</a> to login.";

    }

  }

}

 

?>

</body>

</html>

 

This is the code that i have used to execute.... And i did not find any momentum going on for the program. I got stuck there.. What might be the other problems for the same ???