Jump to content

Help me with some string problem.

Niixie

By Niixie
in PHP Coding Help

Recommended Posts

Niixie Member

Niixie

Posted
Posted

Hello PHPFreaks, i have 2 problems. The first problem is, that what i want help to is on my other computer. And its not possible for me to get to it atm. So i'll do it as good as i remember.

 

My second problem is, i made a website and i want a login on one of the pages. I made a form etc. The username field is called 'usernamebox' and the password field is called 'passwordbox'.

 

So, in the php part I do like this.

 

<?php
$username_string = $_POST['usernamebox'];
$password_string = $_POST['passwordbox'];

rest of code ...
?>

 

Is there any problem doing that, because my SQL server shows me error every place i try to connect it with the strings?

Link to comment
https://forums.phpfreaks.com/topic/225190-help-me-with-some-string-problem/
Share on other sites
Niixie Member

Niixie

Posted
  • Author
Posted

My error lines is 73-74 and two others. And line 73 and 74 is

 

$username_string = $_POST['usernamebox'];
$password_string = $_POST['passwordbox'];

 

Thanks for the quick answer

 

-Anyone knows where i can find a good tutorial for php login script?

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

I didn't say they weren't advanced, I said they are obsolete. There's no value whatsoever in teaching that it's a good idea to arbitrarily apply stripslashes() to form data, or that deprecated functions like session_register() should be used.

Niixie Member

Niixie

Posted
  • Author
Posted

Well Pikachu2000, you know where i could learn how to do it correctly or "In the right way"?

-I scripted Sa-mp server, where i made alot of login systems. and somehow it doesnt work with php aswell? (Yes i did change all from pawno to php ...)

Niixie Member

Niixie

Posted
  • Author
Posted

Theres my code:

(* means error line)

 

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<table border="0">
<tr><td>Username:</td><td>
	<input type="text" name="usernamebox" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
	<input type="password" name="passbox" maxlength="60">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Login"><input type="reset" class="knapper" name="slet" value="Reset" /></th></tr> </table>
</form></center>
       
<?php			
session_start();
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("phpdb");

*$username_string = $_POST['usernamebox'];
*$userpassword_string = $_POST['passbox'];

$query = sprintf("SELECT NULL FROM memberlist WHERE Username = '%s' AND Password = '%s'", 
	mysql_real_escape_string($username_string),
	mysql_real_escape_string($userpassword_string)) or die(mysql_error());

$result = mysql_query($query);

if (!$result) {
    	        $message  = 'Invalid query: ' . mysql_error() . "\n";
    		$message .= 'Whole query: ' . $query;
    		die($message);
}

if (mysql_num_rows($result) > 0){
	$_SESSION['loggedin'] = 1;
  		*$_SESSION['username'] = $_POST['usernamebox'];
  		*$_SESSION['password'] = $_POST['passwordbox'];
} else {
    		echo "<h1>Invalid login!</h1>
   	 	<p>The login was unvalid, either the password didnt match the username. Else the user isn't registered. Try again</p>";
}
?>

 

Errors is attached

 

[attachment deleted by admin]

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

You have the logic backwards. You should have the php code before the form is echoed, and check to see if the form has been submitted before allowing the code to run. The notices above are all caused by attempting to use the values in the $_POST array before the form has been submitted. I've commented the code; see if it makes sense to you.

 

<?php
session_start();
if( $_POST['submitted'] === 'yes' ) { // Check for added hidden field to see if form has been submitted, if not don't execute code.
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("phpdb");
array_map('trim', $_POST); // run the $_POST array through trim() to get rid of extra whitespace
$username_string = !empty($_POST['usernamebox']) ? $_POST['usernamebox'] : ''; // If $_POST['usernambox'] has a value, assign it to $uername_string
$userpassword_string = !empty($_POST['passbox']) ? $_POST['passbox'] : ''; // If $_POST['passbox'] has a value, assign it to $userpassword_string
$query = sprintf("SELECT NULL FROM memberlist WHERE Username = '%s' AND Password = '%s'",
mysql_real_escape_string($username_string),
mysql_real_escape_string($userpassword_string)) or die(mysql_error());
$result = mysql_query($query);
if (!$result) {
	$message
	= 'Invalid query: ' . mysql_error() . "\n";
	$message .= 'Whole query: ' . $query;
	die($message);
}
if (mysql_num_rows($result) > 0) {
	$_SESSION['loggedin'] = 1;
	$_SESSION['username'] = $username_string; // use the variables that already have the trim()med values assigned, rather than $_POST values
	$_SESSION['password'] = $userpassword_string; // not a great idea to store a password in a $_SESSION variable
} else {
	echo "<h1>Invalid login!</h1>
<p>The login was unvalid, either the password didnt match the username. Else the user isn't registered. Try again</p>";
}
}
?>
<form action="" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="usernamebox" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="passbox" maxlength="60">
<input type="hidden" name="submitted" value="yes"><!-- ADDED HIDDEN FIELD TO BETTER TEST FOR FOR SUBMISSION -->
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Login"><input type="reset" class="knapper" name="slet" value="Reset" /></th></tr> </table>
</form></center>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.