-2

I am taking three inputs from user: UserName, FirstName, Email.

I want to check that if username is present in database then it should check its corresponding Firstname and email. And if all the three are correct then print message.

html code:

<html>
<body>
     Username: <input type="text" name="username"/>
     FirstName: <input type="text" name="name"/>
     Email: <input type="text" name="email"/>
</body>
</html>

PHP code:

       if(isset($_POST['submit']))
       {
           $usrnm=$_POST['username'];
           $name=$_POST['name'];
           $email=$_POST['email'];


           $user_name = "root";
           $password = "";
           $database = "show_your_talent";
           $server = "127.0.0.1";
           $db_handle = mysql_connect($server, $user_name, $password);
           $db_found = mysql_select_db($database, $db_handle);

           if ($db_found) 
           {
               $res="SELECT UserName,Fname,Email FROM reg WHERE UserName='$usrnm'";
               $result = mysql_query($res);

               $count=mysql_num_rows($result);
               if($count==1)
               {            
                   echo "<script type='text/javascript'> alert('Password has been sent to your email id..')</script>";
               }
               else
               {
                   echo "<script type='text/javascript'> alert('Wrong')</script>";
               }
           }
           mysql_close($db_handle);
       }
Vidhi
  • 2,026
  • 2
  • 20
  • 31
Disha
  • 17
  • 4

2 Answers2

2

First Please use the form tag in html with method post.Then use this

if ($db_found) 
        {
               $name=$_POST['name'];
               $email=$_POST['email'];
               $res="SELECT * FROM reg WHERE UserName='".$usrnm."'";
               $res1="SELECT * FROM reg WHERE UserName='".$usrnm."' and Fname ='".$name."'";
               $res2="SELECT * FROM reg WHERE UserName='".$usrnm."' and Fname ='".$name."' and Email='".$email."'";
               $result = mysql_query($res);
               $result1= mysql_query($res1);
               $result2 = mysql_query($res2);
               $count=mysql_num_rows($result);
               $count1=mysql_num_rows($result1);
               $count2=mysql_num_rows($result2);
               if(($count==1) && ($count1==1) && ($count2==1) )
               {   
                     echo "<script type='text/javascript'> alert('Password has been sent to your email id..')</script>";
               }
              else
              {
                   echo "<script type='text/javascript'> alert('Wrong')</script>";
              }
        }
Choco
  • 1,054
  • 1
  • 7
  • 20
2

You're missing form tags and a (named) submit button to go along with your conditional statement if(isset($_POST['submit'])){...}

Your code won't execute without it.

<html>
<body>

<form action="handler.php" method="post">
     Username: <input type="text" name="username"/>
     FirstName: <input type="text" name="name"/>
     Email: <input type="text" name="email"/>

<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>

You then need to modify your query to:

$res="SELECT * FROM reg  WHERE UserName='$usrnm'  
          AND Email='$email' AND Fname='$name'";

while adding stripslashes() and mysql_real_escape_string() to your POST variables.

I.e.: (and doing it for all your POST variables)

$usrnm = stripslashes($_POST['username']);
$usrnm = mysql_real_escape_string($_POST['username']);

Yet, it's best to use prepared statements; see further down below.

Add error reporting to the top of your file(s) which would have signaled the error.

error_reporting(E_ALL);
ini_set('display_errors', 1);

Sidenote: Error reporting should only be done in staging, and never production.

Including or die(mysql_error()) to mysql_query(). Something you are not doing.

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141