Jump to content
pouria25

PHP Login Form by using PDO connection

Recommended Posts

Hi

I'm a beginner and I would like to create a simple login form by using PDO connection.

I wrote all these codes but nothing happened. The only thing I know is my PDO connection is working.

Any help I appreciate that.

 login form:

 

<!DOCTYPE html>
<html>

<form method="post" action="loginaccess.php">
    <br>
    <br>
    Username <input type="text" name="username"> 
    <br>
    <br>
    Password <input type="text" name="password">
    <br>
    <br>
    <input value="submit" type="submit" name="submit">
    <br>
    <br>
    <br>
    <br>
    
    

</form>

<?php
    require 'Connection.php';


session_start();


    
    if(isset($_POST['submit'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        
        $query = $conn->prepare("SELECT COUNT ('id') FROM 'users' WHERE 'username' = '$username' AND 'password' = '$password'");
        $query-> execute();
        
        $count = $query->fetchColumn();
        
        if ($count > "0"){
            $_SESSION['username'] = $username;
            
            header('location: panel.php');
        }
        else {
            
            echo "Wrong informations";
        }
    }

?>

</html>

   

Share this post


Link to post
Share on other sites

you need to call session_start() before any output is sent to the browser (top of the script usually)

Do not put identifiers (table and column names) in quotes.

The whole purpose of using prepared queries is so you don't put user-provided vaariable directly into the query.

Do not needlessly create variables.

Do not store passwords as plain text, use password_hash() and password_verify()

$query = $conn->prepare("SELECT COUNT(id) FROM users WHERE username = ? AND password = ?");
$query-> execute( [ $_POST['username'], $_POST['password'] ] );

 

  • Like 1

Share this post


Link to post
Share on other sites

Hi dear

Thank you for your answer I would like to ask you if even my connection works.
Should I use a DNS connection?

Yours faithfully

Share this post


Link to post
Share on other sites
Posted (edited)

Do you mean PDO connection? DNS connection is completely different. We can't tell you if your PDO connection works at all if you don't provide any error messages you received when you submit the form.

As with your Connection.php file, the code in there should be something similar to:

<?php
$host = 'localhost';
$db   = 'my database name';
$user = 'my database username';
$pass = 'my database password';
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];
try {
     $conn = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
     throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
?>

 

Edited by Cobra23

Share this post


Link to post
Share on other sites

Hi

I've written as you told me but now I don't know if my DSN.Connection is connected to my database or not?

How can µI understand that?

 

<?php

$host = 'localhost';
$db = 'cool';
$user = 'myweb';
$pass = '*********';
$charset = 'utf8mb4';


$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
	PDO::ATTR_ERRMODE				=>PDO::ERRMODE_EXCEPTION,
	PDO::ATTR_DEFAULT_FETCH_MODE	=>PDO::FETCH_ASSOC,
	PDO::ATTR_EMULATE_PREPARS		=> false,
];
try {
	$pdo = new PDO($dsn, $user, $pass, $options);
	echo '<p style="color:#009933;">Connected successfully</p>'; 
} catch (\PDOEXCEPTION $e) {
    
	throw new \PDOException($e->getMessage(), (int)$e->getCode());
	
}

?>



Yours faithfully

Share this post


Link to post
Share on other sites

Exceptions work on the general principle that if it fails you get an error.

If you need convincing that you are connected, try running a query and check the result.

Share this post


Link to post
Share on other sites

Thanks again, I don't get even the message " Connected successfully"!

Can you tell me what can I try like a query?

I'm really a beginner with PHP, please?

I've not thought it'll be so complicated to understand!

 

 

Yours sincerely 

 

Share this post


Link to post
Share on other sites

Have you got php error reporting turned on in your php.ini file? (You have ann error in the PDO options)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.