Jump to content

PHP Login Form by using PDO connection


pouria25

Recommended Posts

Hi

I'm a beginner and I would like to create a simple login form by using PDO connection.

I wrote all these codes but nothing happened. The only thing I know is my PDO connection is working.

Any help I appreciate that.

 login form:

 

<!DOCTYPE html>
<html>

<form method="post" action="loginaccess.php">
    <br>
    <br>
    Username <input type="text" name="username"> 
    <br>
    <br>
    Password <input type="text" name="password">
    <br>
    <br>
    <input value="submit" type="submit" name="submit">
    <br>
    <br>
    <br>
    <br>
    
    

</form>

<?php
    require 'Connection.php';


session_start();


    
    if(isset($_POST['submit'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        
        $query = $conn->prepare("SELECT COUNT ('id') FROM 'users' WHERE 'username' = '$username' AND 'password' = '$password'");
        $query-> execute();
        
        $count = $query->fetchColumn();
        
        if ($count > "0"){
            $_SESSION['username'] = $username;
            
            header('location: panel.php');
        }
        else {
            
            echo "Wrong informations";
        }
    }

?>

</html>

   

Link to comment
Share on other sites

you need to call session_start() before any output is sent to the browser (top of the script usually)

Do not put identifiers (table and column names) in quotes.

The whole purpose of using prepared queries is so you don't put user-provided vaariable directly into the query.

Do not needlessly create variables.

Do not store passwords as plain text, use password_hash() and password_verify()

$query = $conn->prepare("SELECT COUNT(id) FROM users WHERE username = ? AND password = ?");
$query-> execute( [ $_POST['username'], $_POST['password'] ] );

 

Link to comment
Share on other sites

Do you mean PDO connection? DNS connection is completely different. We can't tell you if your PDO connection works at all if you don't provide any error messages you received when you submit the form.

As with your Connection.php file, the code in there should be something similar to:

<?php
$host = 'localhost';
$db   = 'my database name';
$user = 'my database username';
$pass = 'my database password';
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];
try {
     $conn = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
     throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
?>

 

Link to comment
Share on other sites

Hi

I've written as you told me but now I don't know if my DSN.Connection is connected to my database or not?

How can µI understand that?

 

<?php

$host = 'localhost';
$db = 'cool';
$user = 'myweb';
$pass = '*********';
$charset = 'utf8mb4';


$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
	PDO::ATTR_ERRMODE				=>PDO::ERRMODE_EXCEPTION,
	PDO::ATTR_DEFAULT_FETCH_MODE	=>PDO::FETCH_ASSOC,
	PDO::ATTR_EMULATE_PREPARS		=> false,
];
try {
	$pdo = new PDO($dsn, $user, $pass, $options);
	echo '<p style="color:#009933;">Connected successfully</p>'; 
} catch (\PDOEXCEPTION $e) {
    
	throw new \PDOException($e->getMessage(), (int)$e->getCode());
	
}

?>



Yours faithfully

Link to comment
Share on other sites

Thanks again, I don't get even the message " Connected successfully"!

Can you tell me what can I try like a query?

I'm really a beginner with PHP, please?

I've not thought it'll be so complicated to understand!

 

 

Yours sincerely 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.