0

So hey there guys i am new to PHP and ran into a problem i hoped you can help me . As i was working on my login/Register system i ran into a problem.

My code is the following :

<?php
include 'core/init.php';

include 'includes/header.php';

if (isset($_POST['username'])&&isset($_POST['password'])) {

 $username = $_POST['username'];
 $password = $_POST['password'];

 if (!empty($username)&&!empty($password)) {

   $query = "SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
   if ($query_run = mysql_query($query)) {

     $query_num_rows = mysql_num_rows($query_run);

     if ($query_num_rows == 0) {

      echo 'Invalid username or password';

     } else {

      echo 'ok';

     } 

     } else {
       echo 'You must supply a valid username and a password';
     }

     } else {
       echo 'You must supply a username and a password';
     }


}
include 'includes/footer.php'
?>

When i enter the correct info it gives me the error invalid username/password so the query must be wrong ?

So please help me and Thanks for reading.

  • A side note: [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Itay Dec 29 '14 at 11:16
  • You're not checking for errors anywhere. Start by doing that on both the PHP side and MySQL. Plus, storing passwords in plain text; *tsk tsk*. – Funk Forty Niner Dec 29 '14 at 11:17
  • Also you never enter the validation if it is not set! – Rizier123 Dec 29 '14 at 11:17
  • A blank page probably means an error happened, check your error log. Trying to debug PHP without it can be difficult (a blank page is useless for finding syntax errors and things like that) – asimes Dec 29 '14 at 11:19
  • There are multiple problems with this code as stated above. But also have a look at your curly-brackets and If/else statements. They look messed up. – stUrb Dec 29 '14 at 11:21
  • And why are you surpressing error messages? `ini_set('display_errors', FALSE);` ? You are trying to debug your code..... – stUrb Dec 29 '14 at 11:43
  • Your code is vulnerable to SQL injection and you are storing passwords unsafely without hashing them. – Boann Dec 29 '14 at 13:20
  • Guys i will be working on hashing password and what ever later now im concerned about the fact that my code isnt working at all ...I removed it –  Dec 29 '14 at 13:24

2 Answers2

1

Before query in database please connect in database by mysql_connect & mysql_select_db 

mysql_connect("hostname","username","password") or die("unable to connect".mysql_error());

For example username='localhost' username='root' password='123456' then mysql_connect("localhost","root","123456") or die("unable to connect".mysql_error());

mysql_select_db('databse_name') or die("unable to select tabase".mysql_error());
 //databse_name your database name
Rafiqul Islam
  • 1,636
  • 1
  • 12
  • 25
  • and then ? what i put in this if statement ? maybe explain more please ? –  Dec 29 '14 at 11:28
  • Thanks for your help now its working yet when i enter the right info it still gives me the error 0.o i tried to fix it yet it wouldn't work ... –  Dec 29 '14 at 11:57
  • @JadSamadi **Before query in database please connect in database by [`mysql_connect`](http://php.net/manual/en/function.mysql-connect.php) & [`mysql_select_db`](http://php.net/manual/en/function.mysql-select-db.php)** – Rafiqul Islam Dec 29 '14 at 13:15
  • i did its in init.php where i used connect.php where all the info is there :) but now i have a new problem ... look : –  Dec 29 '14 at 13:21
  • Look at my code now ... no errors and yet not working :/ –  Dec 29 '14 at 13:25
  • Aucune base n'a �t� s�lectionn�e that what i got when i entered echo mysql_error(); .... any idea ? –  Dec 29 '14 at 13:26
  • Plz check `users` table exists in your database. – Rafiqul Islam Dec 30 '14 at 04:14
0

In your connection make sure you are outputing an error if mysql connection failed or connected. Maybe some code here might help.

Jerry Rhule
  • 47
  • 1
  • 6