Connecting mysqli_query command from external php file

Question

I have been trying to use mysqli_query to connect to database define in an external file but am getting an repeated error as undefined $conn

index.php

<?php
require 'connect.in.php';
include 'loginform.php';

?>

connect.in.php

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbase = "users";

$conn = mysqli_connect($servername,$username,$password);

if($conn ||!mysqli_select_db($dbase)){

    die('error message');
}
?>

loginform.php

<?php
    if(isset($_POST['username']) && isset($_POST['password'])){
    $username = 'username';
    $password = 'password';
    if(!empty($username) && !empty($password)){
        $query = "SELECT 'id' FROM 'user_list' WHERE 'username'= '$username' AND 'password' = '$password'";
        if(mysqli_query($conn, $query)){
            echo "correct";
        }
        else{
            echo "false";
        }
    }
}

?>
<form method="post">
Username:<input type="text" name="username">
Password:<input type="password" name="password">
<input type="submit" value="Login">

</form>

also is it possible to incorporate CSS and Bootstrap in this php files say for loginform.php?

you have to include/require `connect.in.php` in loginform.php like so `require("connect.in.php"); — Jeff, Jul 08 '16 at 16:43
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Jul 08 '16 at 16:45
**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Jul 08 '16 at 16:45
including or requiring the connect.in.php gives me an error in the web page — Abhishek, Jul 08 '16 at 16:48
What error does it give you? You need to get the actual error messages. — Jay Blanchard, Jul 08 '16 at 16:52
die statement error message..couldn't connect to the database — Abhishek, Jul 08 '16 at 17:03

score 0 · Accepted Answer · edited Jul 08 '16 at 16:52

Don't forget to tell mysqli_connect() function what database you are using. I hate to use W3Schools but take a look here, the 4th parameter is the DB you want to use.

connect.in.php

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbase = "users";

$conn = mysqli_connect($servername,$username,$password, $dbase);

if($conn ||!mysqli_select_db($dbase)){

    die('error message');
}
?>

Generally you would want all your CSS and JS files in the <head> element of your index page or your master page. Essentially you could just add the files in your loginform.php file at the top but i would suggest not doing so and place them in your index.php file.

Connecting mysqli_query command from external php file

1 Answers1