-3

I have three files working on an login app to learn PHP. This is the connection with DB

<?php
# Connecting database below
$connection = mysqli_connect('localhost','root','','loginapp');
if ($connection) {
    # code...
    echo "connected";
}
else{
    echo "Errorr";
    die("Database");
}?>

and here is the html code for the web view

<html>
  <head>
     <title>Form</title>
  </head>
  <body>
       <h1>Welcome to My Form</h1>
       <form class="" action="login_create.php" method="post">
           <input type="text" name="name" placeholder="Enter your name here"><br>
           <input type="password" name="password" placeholder="Enter Password" value=""><br>
           <input type="submit" name="submit" value="submit">
       </form>
  </body>
 </html>

and here is the file where things are going wrong, its not checking the conditions of entries and not putting the data into database what's wrong going there? help please
sometimes it gives

error that "unknown 'sbumit' in the $_POST" and sometimes it don't doesn't even show any error

but doesn't even do anything

    <?php
include "db.php";
if (isset($_POST['submit'])) {

    $username = $_POST['name'];
    $password = $_POST['password'];

    if (isset($username) && isset($password)) {

        if (strlen($username) > 10 && strlen($username) < 3) {

            echo "Must enter username & pass between 3 & 10";
            echo "So that we can forward your request";
        }

        else {

            $query = "INSERT INTO users (username,password) VALUES ('$username','$password')";
           $result = mysqli_query($connection,$query);

            if(!$result)
            {
                die('Sorry Query faild'.mysqli_error());
            }
        }
    }
    else
    {
        echo "You haven't wrote anything, write it first";
    }
   }?>
María Antignolo
  • 388
  • 4
  • 17
Habib Rehman
  • 590
  • 3
  • 15
  • 36
  • @raveenanigam yea sorry for that i edited " sometimes it gives error that "unknown 'sbumit' in the $_POST" and sometimes it don't doesn't even show any error but doesn't even do anything " – Habib Rehman Sep 22 '15 at 11:17
  • 1
    `sbumit` you're sure? – Thomas Ayoub Sep 22 '15 at 11:21
  • 2
    you should replace the `&&` with `||` in the if-statement with `if (strlen($username) > 10 && strlen($username) < 3)` because username can't both be greater than 10 and less than 3 – 131 Sep 22 '15 at 11:22
  • 1
    Habib, please do not get stressed, people will mark up and mark down your questions and answers all over Stack Overflow, it's the way the site works and you will get no where (except pissed off) if you stress and worry about it. Please do not. I am also writing you an informative answer to your question so stick around to read that shortly :-) – Martin Sep 22 '15 at 11:54
  • 3
    it's life, people are stupid. It's why democracy doesn't work for the best interests of society, and committees are slow and tedious. Because people without knowledge are given the same power of choice as people with knowledge. **Person = smart, People = stupid**. – Martin Sep 22 '15 at 12:00
  • 2
    If you're new to programming (or you're struggling with debugging your programs), you should read [this blog post](http://ericlippert.com/2014/03/05/how-to-debug-small-programs/) which is also linked to in the [How do I ask a good question?](http://stackoverflow.com/help/how-to-ask) post. While it won't provide a direct answer to your current issue, it will provide you with helpful methods on finding problems with your code on your own. – harris Sep 22 '15 at 12:08

2 Answers2

1

Habib,

Some guidance for PHP :

 $button   = isset($_POST["submit"])?$_POST["submit"]:"";

What this line does is apply a value to the $button variable, the first check is that IF isset($var) THEN (indicated with the ? ) apply the value of $var to the $button variable. The colon : then sets that if the boolean query (true/false) of the IF returns false, then apply the second value instead, in this case an empty string of "".

This is code minimalisation and you should be aware of it but there is little need to use it, especially while learning.

Feedback on your code:

  • mysqli_error($connection); Your error feedback for MySQLi should include the connection details, as shown here.

  • replace the $username = $_POST['name'];

    $password = $_POST['password']; if (isset($username) && isset($password)) { because you want to check not if they're set but if they're not empty, currently they will be set as they're set to the values of $_POST even if they are null (potentially), so replace with: if(!empty($username) && !empty($password)){

    • Also note that ! is the negative operator. so above is IF NOT EMPTY.

  • if (strlen($username) > 10 && strlen($username) < 3) { this is impossible to reach because you're setting if string is longer then 10 AND string is shorter than 3, this is clearly impossible. replace the && with || which is OR rather than AND .

  • Personally I think that isset($_POST['submit']) is not the best way, instead checking that if($_POST['submit'] == 'submit') confirms the submission of this form from this submit button (the value is the value set in your HTML form).

  • $query = "INSERT INTO users (username,password) VALUES ('$username','$password')"; This works fine, BUT you really, really need to do some research into SQL injection attacks and SQL security. read How can I prevent SQL injection in PHP? as a start. This is very important to learn at the start of your PHP MySQL learning.

    • Also research into PDO database connectivity.

    • Also be aware that your script will not output anything when you have a successful saving of username/password to the database.

As a closer:

  • Fnally, set up error logging on your page, to give you useful feedback on errors and problems: error_reporting(E_ALL); ini_set('display_errors', 1); at the very top of your page. Also see How do I get PHP errors to display?
Community
  • 1
  • 1
Martin
  • 22,212
  • 11
  • 70
  • 132
  • this knowledge seems overwhelming me but i'll surely look into that thanks martin, that really helped – Habib Rehman Sep 22 '15 at 12:14
  • 2
    Programming can be really overwhelming when you're starting out. I recommend you don't bother with the short-hand conditional assignment. Like Martin said, it's good to the aware of, but a regular `if/else` structure is much easier to read. If you're using online tutorials, you should favor the ones that actually explain what is being done and why, instead of the "tutorials" that are just blocks of code, with practically no explanation on why they're doing things the way they are. The desire to get to the good stuff can be hard to fight, but start small. – harris Sep 22 '15 at 12:26
  • good one harris, thanks for that and i'm definitely watching free tutorials on PHP & that's expected that i'll have a very little knowledge but i need a start and it will be my stair to look into bigger and greater things – Habib Rehman Sep 22 '15 at 13:30
0

Change your code as follow.

     <?php
        include "db.php";

        $button   = isset($_POST["submit"])?$_POST["submit"]:"";
        $username = isset($_POST["name"])?$_POST["name"]:"";
        $password = isset($_POST["password "])?$_POST["password "]:"";


/*Commetents*/
$button =isset($_POST["submit"])?$_POST["submit"]:""; 
is similar to following code:

if(isset($_POST["submit"]))
  { 
  $button = $_POST["submit"];
  }
else
  {
  $button = $_POST["submit"];
  }

You know in Php 5.4 , it will present error,if you do not set any value to variable . that is why we used it. If it doesn't get any value it will set it value "".

if($button == "submit") means when someone will press the button submit then $_POST['submit'] value will be submit which you define in the submit button value.

if($button == "submit")
        {
          if($username=="" or $password=="") 
            {
            $error ="Username  & Password can't be blank";
            }
          elseif(strlen($username)<3 or strlen($username) > 10 )
           {
           $error ="Must enter username & pass between 3 & 10";
           } 
          else  
          {
        $query = "INSERT INTO users (username,password) VALUES('$username','$password')";
        mysqli_query($connection,$query) or die(mysqli_error());

          }

        }

    echo $error;

Hope it will help you .

Martin
  • 22,212
  • 11
  • 70
  • 132
jewelhuq
  • 1,210
  • 15
  • 19
  • 3
    It might help to explain what you changed and why. Especially because the OP mentioned he is new to PHP and still learning. Just giving some piece of code without any explanation will not teach him much. – Oldskool Sep 22 '15 at 11:43
  • ok. thank you for your suggestions i am going to add comments. – jewelhuq Sep 22 '15 at 11:44
  • @jewelhuq yea sure, because i'm new to php so i don't know what the kinky things going on in the very first statement whats this "?" doing there and do i really need to do $button == "submit" it was working fine before but i don't know what happened with that :/ – Habib Rehman Sep 22 '15 at 11:48
  • you can read the article about to learn about ?: http://davidwalsh.name/php-shorthand-if-else-ternary-operators – jewelhuq Sep 22 '15 at 11:59