-1

I’m making a practice website for signing in, using PHP and MySQL. However, when I click submit, the PHP doesn't execute and get data from my database, but it is opened. I can’t seem to find what's wrong in my coding. I have checked and php is enabled and interpreted.

Here's my HTML file:

```html
<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Sign-In</title>
<link href="layout.css" rel="stylesheet" type="text/css"/>
</head>

<body>
<div id="sign-in">
<fieldset style="width:30%"><legend>Sign In Here</legend>
<form method="POST" action="connectivity.php">
Username<br><input type="text" name="username" size="40"><br><br>
Password<br><input type="password" name="password" size="40"><br>
<input id="button" type="submit" name="submit" value="Sign In">
</form>
</fieldset>
</div>
</body>
</html>
```

Here's my php file:

```php
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'databasename');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['username'];
$Password = $_POST['password'];
*/

function SignIn()
    {
    session_start();
    if (!empty($_POST['username']))
        {
        $query = mysql_query("SELECT* FROM Username WHERE username ='$_POST[username]' AND password ='$_POST[password]'", $db) or die(mysql_error());
        $row = mysql_fetch_array($query) or die(mysql_error());
        if (!empty($row['username']) AND !empty($row['password']))
            {
            $_SESSION['username'] = $row['password'];
            echo "Successfully Signed In.";
            }
          else
            {
            echo "Sorry, you entered the wrong username and password. Please Try Again.";
            }
        }
    }

if (isset($_POST['submit']))
    {
    SignIn();
    }

mysql_close($con);
?>
```

I'm using the tutorial from this website, but have different names. I'm pretty new at this, so when answering please be as specific as possible.

AyB
user3603705
  • 2
    Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). – Gumbo May 11 '14 at 07:02
  • 2
    Besides that, you may want to [adjust the error reporting to see all errors](http://stackoverflow.com/q/6575482/53114). – Gumbo May 11 '14 at 07:04
  • 1
    What exactly is going wrong? – Cully May 11 '14 at 07:05
  • Are you actually running the code through a web server—local or remote—that can parse PHP, or have you just copied these files onto your desktop & are loading the main HTML file via a browser locally? PHP like this needs to be parsed via a web server that has PHP enabled as a module. – Giacomo1968 May 11 '14 at 07:06
  • Try adding error reporting to your PHP file: `ini_set('display_errors', 1); error_reporting(E_ALL);` – Jentel May 11 '14 at 07:06
  • 1
    @Gumbo If they can’t even get the PHP code running how do you think they will understand the difference between `mysql_*` and `mysqli_*` extensions? – Giacomo1968 May 11 '14 at 07:07
  • I would recommend, https://phpacademy.org/videos/oop-loginregister-system tutorial! The one you are following, seems pretty old.. – Kamran Ahmed May 11 '14 at 07:08
  • 1
    Is this the exact code you're using? because you have a small error in your query. `SELECT*` should be `SELECT *` – Gil May 11 '14 at 07:08
  • @Gil That isn't really the error, SQL interprets it correctly even though it's safe to leave a space. @OP: Can you check if your function is being called first of all? `echo` anything inside your function before the `if`s. – AyB May 11 '14 at 07:10
  • Maybe this will resolve the issue: replace the line `define('DB_PASSWORD', 'password');` with `define('DB_PASSWORD', '');` – daniyalahmad May 11 '14 at 07:23
  • Thanks, I changed the query line as suggested underneath and used mysqli instead. When I used mysqli, it said "failed to connect to mysql". So does that mean something is wrong with my connection code? If so, what? – user3603705 May 11 '14 at 07:57

3 Answers

0

In your mysql_query try

```php
$query = mysql_query("SELECT * FROM Username WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'", $db) or die(mysql_error($con));
```

You should use the . operator to concatenate strings. And you forgot the quotes in $_POST[].

Giacomo1968
0

I guess the reason is the missing quotes.

This:

```php
$query= mysql_query ("SELECT* FROM Username WHERE username ='$_POST[username]' AND password ='$_POST[password]'",$db) or die (mysql_error());
```

Should probably be this:

```php
$query = mysql_query("SELECT * FROM Username WHERE username = '{$_POST['username']}' AND password = '{$_POST['password']}'",$db) or die (mysql_error());
```

And a couple of other things

Alex
  • Thanks, when I used mysqli, it said "failed to connect to mysql". So does that mean something is wrong with my connection code? If so, what? – user3603705 May 11 '14 at 07:54
  • mysqli_ is not the same as mysql_, so you'll have to change all of your database related code to use mysqli instead. But you can still use mysql. Just keep in mind that mysql_ is outdated and **should not be used in new projects**. Feel free to stick with mysql_ **for learning**, it's probably a bit easier since most of the **older books and tutorials** still use it. Feel free to mark my answer as the solution if it was the solution. – Alex May 11 '14 at 08:16
0

If you want to use both strings and variables like "My name is $name", there are some ways to do it.

  1. Collecting strings with variables containing numbers and strings:

    • `$var = 'My name is' . $name;`
    • `$var = "My name is" . $name;`
    • `$var = "My name is $name";`
    • Note:
      `$var = 'My name is $name';` won't output the $name value, but its name.
  2. Collecting strings with variables containing arrays:

    • `$var = 'My name is' . $user['name'];`
    • `$var = "My name is" . $user['name'];`
    • `$var = "My name is {$user['name']}";`
      Without the {} brackets this won't work properly.

That's why this line:

```php
$query = mysql_query("... username ='$_POST[username]' AND password ='$_POST[password]'", $db) or die(mysql_error());
```

should be replaced with this:

```php
$query = mysql_query("SELECT * FROM Username WHERE username ='".$_POST['username']."' AND password ='".$_POST['password']."'", $db) or die(mysql_error());
```

or this:

```php
$query = mysql_query("SELECT * FROM Username WHERE username = \"{$_POST['username']}\" AND password = \"{$_POST['password']}\"", $db) or die(mysql_error());
```

Al.G.
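
Gumbo's comment on the question flags SQL injection, and every query variant on this page pastes `$_POST` values straight into the SQL string. The following is an added example, not code from the question or from any answer: the same credential check written with a bound parameter. Assumptions: `signIn()` is a hypothetical helper, an in-memory SQLite database (via `pdo_sqlite`) stands in for MySQL so the script runs offline, and the `password` column stores a `password_hash()` digest rather than plaintext.

```php
<?php
// Added example. SQLite in memory replaces MySQL here; with MySQL only the
// DSN and credentials passed to the PDO constructor change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. Table and column names follow the question;
// storing a password_hash() digest is an assumption of this example.
$pdo->exec('CREATE TABLE Username (username TEXT PRIMARY KEY, password TEXT)');
$insert = $pdo->prepare('INSERT INTO Username (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: true only if the user exists and the password matches.
 * The connection is passed in because a function body cannot see a variable
 * defined at file level unless it is handed over.
 */
function signIn(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM Username WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    return is_string($hash) && password_verify($password, $hash);
}

// String building, as in the question: a single apostrophe in the value
// ends the SQL literal early, so the input changes the statement's structure.
$name = "o'brien";   // constructed input
echo "SELECT * FROM Username WHERE username ='$name'", PHP_EOL;

// Bound parameter: the same value is compared as plain data.
var_dump(signIn($pdo, 'alice', 'correct horse'));   // correct password
var_dump(signIn($pdo, 'alice', 'wrong'));           // wrong password
var_dump(signIn($pdo, $name, 'battery staple'));    // apostrophe in username
var_dump(signIn($pdo, 'nobody', 'anything'));       // unknown user
```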