Creating a applet in a web page

Question

I want to have a simple web page with fields for userName and password.Once a user enters the correct userName and password and press logIn button then it should display an applet. Here's my code.

<?php  
$un=$_POST["username"];  
$pw=$_POST["password"];  
$log=$_POST["Login"];  
$con=mysqli_connect("localhost","root","","");  
if(mysqli_connect_errno($con))  
    {  
    echo "Failed to connect".mysqli_connect_error();  
    }  
mysqli_select_db($con,student);  
$query="SELECT * FROM studentinfo WHERE stName=$un AND stP=$pw";  

$result=mysqli_query($con,$query);  
$num_rows = mysqli_num_rows($result);  
if($log){  
    if($num_rows==1){  
    $isLogged=true;  
    }  
    else{  
    echo "Error log In.Invalid username or password";     
    $isLogged=false;  
    }  
}  
?>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User LogIn</title>  
</head>  

<body>  
<form method="post">  
            <label>Username<input name="username" type="text" /></label> <label>Password<input name="password" type="password" /></label>  
            <input name="cmd" type="submit" value="Login" />  
        </form>  
<?php if($isLogged) {?>  
<applet code="studentWeb.html" width="32" height="32" alt="Couldn't launch applet" title="Student Details">  
</applet>  
<?php }?>  
</body>  
</html>

Right now it gives an error as

mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in and it doesn't open up a applet even when correct username and password has been entered.

Edit: After I changed to action="logindata.php" in the form, here's the logindata.php

<?php
$connect=mysqli_connect("localhost","root","");
if(mysqli_connect_errno($connect))
{
    echo "Failed to connect".mysqli_connect_error();
}
mysqli_select_db($connect,"student") or die("couldn't connect to db");
$un=$_POST["username"];
$pw=$_POST["Password"];

$sql="SELECT * FROM studentinfo WHERE stUserName='$un' AND stPassword='pw'";

$query=mysqli_query($connect,$sql) or die("couldn't find values");

if($query){
    include_once("studentWeb.html");
}
else{
echo ("Invalid username or password");

}


?>

Why does this allow incorrect password and username ?

Try debugging the applet loading in plain HTML (no log-in) to start with. Also be sure the [Java Console](http://www.java.com/en/download/help/javaconsole.xml) is configured to show. If there is no output at the default level, raise the level and try it again. — Andrew Thompson, Nov 15 '14 at 23:26
@Andrew Thompson My applet works fine without this logIn page.I changed it to.I am not sure if the way I have implemented the login condition works correctly.Because I wrote `echo "Succesfully loggrd on ";` inside `if($log){ if($num_rows==1){ ` and it does't get printed. I have used `$log=$_POST["Login"]; ` to know if the logIn button has been pressed.Can I identify whether the login button is pressed from this way — sam_rox, Nov 16 '14 at 03:20
@AndrewThompson I corrected the mistake.I didn't have quotation marks inside `student` in `mysqli_select_db($con,student); ` and wasn't even checking it.Also I add a` action=""` in the form and got rid of all the php part in index.Now after successful login it gives the applet but shows that `Java needs permission to run on` — sam_rox, Nov 16 '14 at 03:38
*"Now after successful login it gives the applet but.."* Then you should accept an answer and ask a new question. SO is a Q&A site, not a help desk. — Andrew Thompson, Nov 16 '14 at 04:21

score 2 · Accepted Answer · edited May 23 '17 at 10:28

Quote these WHERE stName='$un' AND stP='$pw' since we're dealing with strings, which is why you are getting a boolean error.

Plus, use isset() around your executed code since you're using your entire code inside the same file.

You stand at getting an undefined index warning upon page entry.

Using error reporting will give you that:

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Also add or die(mysqli_error($con)) to mysqli_query()

Footnotes:

Your present code is open to SQL injection.

Use prepared statements, or PDO with prepared statements, they're much safer.

Edit:

If you wish to include a file (show contents of), do the following, which I am under the impression you wish to do:

<?php if($isLogged) { 

    include 'studentWeb.html';
}
?>

This is to be replaced by your present code:

<?php if($isLogged) {?>  
<applet code="studentWeb.html" width="32" height="32" alt="Couldn't launch applet" title="Student Details">  
</applet>  
<?php }?>

You can also try:

<?php $file = file_get_contents('studentWeb.html', true);
  echo $file;
?>

or '../foldername/studentWeb.html' depending on where the file is located.

The <applet> tag is not supported in HTML5. Use the <object> tag instead if you are having problems with your present code. Yet, applets usually have the .class extension.

Consult http://www.tutorialspoint.com/html/html_applet_tag.htm

Edit #2:

As per your edit, change:

if($query){
    include_once("studentWeb.html");
}
else{
echo ("Invalid username or password");

}

to:

$numrows = mysqli_num_rows($query);

if($numrows > 0){
   include_once("studentWeb.html");
}

@sam_rox You're very much welcome. I'm glad that a full solution came about. Always a pleasure. Edit: Seems the other messages were deleted, too many comments. Deleted by a moderator probably. — Funk Forty Niner, Nov 16 '14 at 04:33

score 0 · Answer 2 · answered Nov 15 '14 at 17:37

mysqli_query() is returning false because of failure. Use $query="SELECT * FROM studentinfo WHERE stName=" . $un . " AND stP= " . $pw; Moreover, this is not a good way because if your query fails, it will return boolean false which will again generate error for mysqli_num_rows()

You may look into this for further information and this for better ways to query your database.

Creating a applet in a web page

2 Answers2