-3

I try to create a form that will check if the user exist in database but i'm having problem connecting AJAX with sql, if you can help me finding out this problem i would be very appreciated, sorry my english is not great. these are my code:

<!DOCTTYPE html>
<html lang="en">
<head>
<mete charset="UTF-8">
<title>Email client</title>
<script type="text/javascript">

function load(){
 if (window.XMLHttpRequest) {
     xmlhttp = new XMLHttpRequest();
 }else{
     xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
 }
 xmlhttp.onreadystatechange = function(){
     if (xmlhttp.readyState == 4 && xmlhttp.status == 200 ){
         document.getElementById('info').innerHTML = xmlhttp.responseText;
     }
 }
 xmlhttp.open('GET', 'checkuser.php', true);
 xmlhttp.send();

}

</script>
</head>

<body>

<form name="loginform" onclick="load();">

  Username : <input name="userID" type="text" id="userID"><br />
  Password : <input name="password" type="password" id="passWD"><br />
  <input type="submit" id="button" value="Get in there"> <br />
  <p>Don't have an account? <a href="register.html"> please register </a></p>
</form>

<div id="info"></div>


</body>

</html>

my php (checkuser.php):

<?php
$dbhost = 'localhost';
$dbuser = 'xxxx';
$dbpass = 'xxxx';
$dbname = 'xxxx';
$dbtable = 'xxxx';


$q=$_GET["userID"];
$p=$_GET["passWD"];

$con = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$con)
 {
    die('Could not connect: ' . mysql_error());
 }
$dbselect = mysql_select_db($dbname,$con);

$sql="SELECT * FROM $dbtable WHERE userID='$q'";

$result = mysql_query($sql);


if (mysql_num_rows($result)==0) { 
    echo "not registered";
} else {
    while($row = mysql_fetch_array($result))
 {

 if (($row['passWD'])==$p) {
   echo "registered";
} else { echo "not registered";} 

}
} 
mysql_close($con);

?>
Linus Kleen
  • 33,871
  • 11
  • 91
  • 99
user761497
  • 67
  • 5
  • 12
  • whats the issue? are you seeing any errors? you need to check the logs in both your browser console and you server logs to figure out what exactly is not working. – hvgotcodes Jan 16 '13 at 13:23
  • You might want to call `load` onsubmit instead of onclick. – Musa Jan 16 '13 at 13:26
  • "AJAX connecting to SQL" doesn't make any sense. You use AJAX to communicate between PHP scripts through a browser. One of your PHP scripts works with MySQL database. First step here is to find out whether it's your AJAX that doesn't do the job or the PHP script. Try invoking checkuser.php directly with parameters to see if there's a problem with database, then move forward depending on the findings. – maksimov Jan 16 '13 at 13:27
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 16 '13 at 13:27
  • Don't store passwords in clear text [using a hashing algorithm](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). – Quentin Jan 16 '13 at 13:28

1 Answers1

1

Your PHP expects to have two query string parameters passed to it (don't send passwords in query strings, they might get logged, use a POST request) but your JavaScript is just requesting the URL of the script without any query string at all.

Presumably you want to extend load to get data from the form, and to call load in the submit event for the form and not the load event of the document.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335