mallen Posted August 8, 2011 Share Posted August 8, 2011 I have this simple form checking a user and password from database. At first I was just checking a hard coded value. Now I want to check it against the database. Is there anything in my code that is keeping it form working? You can point to me and I can try to figure it out? Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in ...... Warning: mysql_real_escape_string(): A link to the server could not be established in.... Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in .... Warning: mysql_real_escape_string(): A link to the server could not be established in .... <?php session_start(); error_reporting(E_ALL ^ E_NOTICE); include('../includes/dev.connection.inc.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Test Page</title> </head> <body> <?php $username = mysql_real_escape_string(trim($_POST['user'])); $password = mysql_real_escape_string(trim($_POST['password'])); $con = dbConnect(); $sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'"; $result = $con->query($sql) or die(mysql_error()); echo $row['username']; $row = $result->fetch_assoc(); if(!empty($_POST['submit'])){ if($username == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($username == $row['username'] && $password == $row['password'] ){ // I Think this line is giving me the error // Check if username and password were submitted if (!isset($_SESSION['user'])){ session_regenerate_id(); //assign user's name to session } $_SESSION['user'] = $_POST['user']; } } ?> <?php if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){ ?> <form action="login9.php" method="post"> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password:</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form> <?php }else{ print "Hello, ".$_SESSION['user']; }?> </body> </html> Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/ Share on other sites More sharing options...
MasterACE14 Posted August 8, 2011 Share Posted August 8, 2011 You haven't connected to your database. What's inside dev.connection.inc.php ? Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253955 Share on other sites More sharing options...
mallen Posted August 8, 2011 Author Share Posted August 8, 2011 <?php function dbConnect() { $con = mysqli_connect('localhost', 'root','xxxx', 'development') or die ('Cannot connect to MySQL server'); return $con; } ?> Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253958 Share on other sites More sharing options...
MasterACE14 Posted August 8, 2011 Share Posted August 8, 2011 you have to call dbConnect(); in either dev.connection.inc.php or somewhere before $username in your script above. for example: include('../includes/dev.connection.inc.php'); $con = dbConnect(); would be fine. however if you're including dev.connection.inc.php on all pages that require a database connection, I would just put it inside that file instead. Although at the end of the day, it need not be a function for your purposes at all. dev.connection.inc.php could just be this: <?php $con = mysqli_connect('localhost', 'root','xxxx', 'development') or die ('Cannot connect to MySQL server'); ?> Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253962 Share on other sites More sharing options...
mallen Posted August 8, 2011 Author Share Posted August 8, 2011 Yes I know but I use the same connection for other pages i work on. I moved the $con = dbConnect(); line. Still not working. <?php $con = dbConnect(); $username = mysql_real_escape_string(trim($_POST['user'])); $password = mysql_real_escape_string(trim($_POST['password'])); $sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'"; $result = $con->query($sql) or die(mysql_error()); echo $row['username']; $row = $result->fetch_assoc(); if(!empty($_POST['submit'])){ if($username == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($username == $row['username'] && $password == $row['password'] ){ // Check if username and password were submitted if (!isset($_SESSION['user'])){ session_regenerate_id(); //assign user's name to session } $_SESSION['user'] = $_POST['user']; } } ?> <?php if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){ ?> <form action="login9.php" method="post"> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password:</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form> <?php }else{ print "Hello, ".$_SESSION['user']; }?> Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253968 Share on other sites More sharing options...
MasterACE14 Posted August 8, 2011 Share Posted August 8, 2011 then either the username or password you're passing to mysqli_connect() is incorrect. My mistake, this: $username = mysql_real_escape_string(trim($_POST['user'])); $password = mysql_real_escape_string(trim($_POST['password'])); should be this: $username = mysqli_real_escape_string(trim($_POST['user'])); $password = mysqli_real_escape_string(trim($_POST['password'])); mysqli as opposed to mysql. Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253969 Share on other sites More sharing options...
phpSensei Posted August 8, 2011 Share Posted August 8, 2011 Btw this line will produce and UNDEFINED variable, since your muting any E_NOTICE reports you havn't noticed it. Not a big deal, but just in case you were debugging the output of that column $result = $con->query($sql) or die(mysql_error()); echo $row['username']; $row = $result->fetch_assoc(); Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253975 Share on other sites More sharing options...
mallen Posted August 8, 2011 Author Share Posted August 8, 2011 Ok I got it working, sort of... getting this error .....mysqli_real_escape_string() expects exactly 2 parameters, So I just removed the mysqli_real_escape_string() and now it is the following and working: $username = trim($_POST['user']); $password = trim($_POST['password']); Why does it throw that error? Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253989 Share on other sites More sharing options...
MasterACE14 Posted August 8, 2011 Share Posted August 8, 2011 requires $con as the first argument passed to it http://www.php.net/manual/en/mysqli.real-escape-string.php: $username = mysqli_real_escape_string($con, trim($_POST['user'])); $password = mysqli_real_escape_string($con, trim($_POST['password'])); Link to comment https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/#findComment-1253991 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.