Jump to content

Submit code


honeybee

Recommended Posts

Hello to all,

What is the php code for a submit button. The process is like, when we click the submit button, you need to create an entry in the database and then display on the screen as Welcome user.....

I have searched the code and found that even if there are no fields and then click on submit button, i am getting Welcome.

 

Example: UserName= "asdf"

It should come as Welcome asdf on the html page

 

Problem is that.

Username= " "

I get Welcome without giving the name.....

 

Can you provide me a solution/\?

Link to comment
https://forums.phpfreaks.com/topic/140475-submit-code/
Share on other sites

<?php

 

 

$con = mysql_connect("localhost","root","");

if(!$con)

{

die('not able to connect: ' . mysql_error());

}

 

$usr = $_POST['usr'];

$pass = $_POST['pswd'];

 

 

mysql_select_db("form1", $con);

 

$query=mysql_query("SELECT pswd FROM form1 WHERE usr = '$usr'");

$query_row=mysql_fetch_array($query);

$query1=$query_row['pswd'];

 

if($pass == $query1)

{

echo "welcome $usr";

}

else

{

echo "You are not a valid user. Please re-login again.";

echo "<br>";

echo "<a href='./login.php'>Click here</a> to login.";

}

 

mysql_close($con);

 

?>

 

 

 

What is wrong with this???? I tried this and it is not working.

Link to comment
https://forums.phpfreaks.com/topic/140475-submit-code/#findComment-735131
Share on other sites

A few things. Firstly, you can check a user is valid by using both there username and password in your query. Secondly, you are not sanitising your user submitted data, this can be very dangerous. Thirdly, you don't check to see if your form has actually been submitted to this script. And lastly, you never check your query succeeds before attempting to use any results. Again, this can be dengerous.

 

<?php

if (isset($_POST['submit'])) {
  mysql_connect("localhost","root","") or die('not able to connect: ' . mysql_error());
  mysql_select_db("form1");

  $usr = mysql_real_escape_string($_POST['usr']);
  $pass = mysql_real_escape_string($_POST['pswd']);

  $sql = "SELECT pswd FROM form1 WHERE usr = '$usr' && pass = '$pass'";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      echo "welcome $usr";
    } else {
     echo "You are not a valid user. Please re-login again.";
     echo "<br>";
     echo "<a href='./login.php'>Click here</a> to login.";
    }
  }
}

?>

 

Now, are you sure your passwords aren't hashed? They should be. Maybe thats why your not finding any results.

Link to comment
https://forums.phpfreaks.com/topic/140475-submit-code/#findComment-735136
Share on other sites

<html>

<head>

<title>

Welcome!!!

</title>

</head>

 

<body>

 

<?php

 

if (isset($_POST['submit'])) {

  mysql_connect("localhost","root","") or die('not able to connect: ' . mysql_error());

  mysql_select_db("form1");

 

  $usr = mysql_real_escape_string($_POST['usr']);

  $pass = mysql_real_escape_string($_POST['pswd']);

 

  $sql = "SELECT pswd FROM form1 WHERE usr = '$user' && pass = '$pswd'";

  if ($result = mysql_query($sql)) {

    if (mysql_num_rows($result)) {

      echo "welcome $user";

    } else {

    echo "You are not a valid user. Please re-login again.";

    echo "<br>";

    echo "<a href='./index.php'>Click here</a> to login.";

    }

  }

}

 

?>

</body>

</html>

 

This is the code that i have used to execute.... And i did not find any momentum going on for the program. I got stuck there.. What might be the other problems for the same ???

Link to comment
https://forums.phpfreaks.com/topic/140475-submit-code/#findComment-735390
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.