-2

I'm trying to learn PHP & MySQL. I wrote this code; it seems to work, but I get a lot of "warnings" and I don't know what they mean. Anyway, PHP connects to the db. Here is the code:

myPage.php, the "main" page

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" href='http://localhost/prove/librerie/bootstrap/css/bootstrap.css'>
    <script type="text/javascript" src='http://localhost/prove/librerie/angular.min.js'></script>
    <script type="text/javascript" src='http://localhost/prove/librerie/bootstrap/js/bootstrap.min.js'></script>
    <style>
        body {
            padding: 50px;
        }
        .identazione {
            padding: 12px;
        }
    </style>
</head>
<body>
    <form action="process.php" method="POST">
        <div class="text-info identazione">Username : </div><input class="form-control" type="text" name="username"/>
        <div class="text-info identazione">Password : </div><input type="text" name="password"/>
        <div class="identazione"><input class="btn btn-success" type="submit"/></div>
    </form>
</body>
</html>

process.php

    <?php
    // from myPage to local variables
    $username = $_POST['username'];
    $password = $_POST['password'];
    // to prevent MySQL injection
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    // connect to the server and select the database
    mysql_connect("localhost","root","");
    mysql_select_db("login");
    // query the database for the user
    $risultato = mysql_query("select * from utenti where username = '$username' and password = '$password' ") or die("Utente non trovato, verificare le credenziali".mysql_error());
    $riga = mysql_fetch_array($result);
    if ($riga['username']==$username && $riga['password']==$password) {
        echo "Login effettuato. Benvenuto".$riga['username'];
    }
    else
        echo "Login errato. Reinserisci i dati";

    ?>

Here's the proof of warnings

warnings

Also, if it can help you, I'm working on Chrome and use Wampp. I wrote the comments in Italian; I hope that isn't a problem. Anyway, I have created the db; its name is login, defined with username, password and id. I've created a usertest and userpass, and they work if I try to use them in the login, but with the same errors.

UPDATE:

I changed result to risultato, that was my error, and now there are just two warnings. Anyway, I have to update my knowledge; I'm working from outdated sources.


Teshtek
  • 2
    **Deprecated** not **Removed**. Which version are you using? `$risultato != $result`. – Sougata Bose Nov 11 '16 at 07:48
  • @Chris I saw it but it didn't help me, I'm going to look at it again – Teshtek Nov 11 '16 at 07:51
  • And see also http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index for that "Undefined variable". – Qirel Nov 11 '16 at 07:51
  • 1
    And check also this one: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – S.I. Nov 11 '16 at 07:52
  • @Teshtek Basically what that means is that you're using an old API (`mysql_`), which you really shouldn't. See http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – Qirel Nov 11 '16 at 07:53
  • If you are trying to learn PHP and have resources teaching you to use the `mysql_` functions or to store passwords as clear text, you should find other sources to learn from, because the sources you are using are outdated – rypskar Nov 11 '16 at 07:53

2 Answers

0

Stop before you go any further; you are using outdated methods and need to do some reading before you go any further.

mysql is no longer supported and is dangerous to use (injection attacks). It is recommended that you have a read of this and start to understand how to do database queries using it - https://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059

You could also use mysqli if you prefer but I suggest PDO.

Following on from that, you need to have a look at security: you are storing your passwords as plain text, and this is bad. To provide a decent level of security I suggest that you have a read here - http://php.net/manual/en/function.password-hash.php

This will provide you with an understanding of how to use the password_hash() function as well as the password_verify() function.

Hope this helps.

Blinkydamo
  • 1
    What's the difference between PDO and mysqli? OK, now I'm looking at password hash. Anyway, you're helping me – Teshtek Nov 11 '16 at 08:03
  • 1
    This will explain the difference better than I can - http://stackoverflow.com/questions/2190737/what-is-the-difference-between-mysql-mysqli-and-pdo – Blinkydamo Nov 11 '16 at 08:08
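
The approach recommended in the answer above (PDO prepared statements together with password_hash() and password_verify()), as an added example that is not part of the original answer. It assumes an in-memory SQLite database (pdo_sqlite extension) in place of the asker's MySQL `login` database so that it runs without a server; the function names are hypothetical, and the `utenti` table and the sample account mirror the question.

```php
<?php
// Added example: the login check from process.php rewritten with PDO and password_hash().
// Assumption: in-memory SQLite stands in for the MySQL "login" database so this runs offline;
// for MySQL the DSN would be 'mysql:host=localhost;dbname=login;charset=utf8mb4'.
declare(strict_types=1);

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE utenti (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    return $pdo;
}

// Store only the hash produced by password_hash(), never the clear-text password.
function registerUser(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO utenti (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
}

// The user name is bound as a parameter, so it is never parsed as SQL.
// The password is not part of the query at all: it is checked against the stored hash.
function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM utenti WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = openDb();
registerUser($pdo, 'usertest', 'userpass');   // constructed sample account

$attempts = [
    ['usertest', 'userpass'],    // correct credentials
    ['usertest', 'wrong'],       // wrong password
    ["user'test", 'userpass'],   // quote in the name is bound as data, not parsed as SQL
    ['nobody', 'userpass'],      // unknown user
];
foreach ($attempts as [$u, $p]) {
    printf("%-10s => %s\n", $u, checkLogin($pdo, $u, $p) ? 'Login OK' : 'Login failed');
}
```

Only the first attempt succeeds; no stripcslashes() or manual escaping is needed because the driver binds the values separately from the SQL text.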
-1

For your own safety: Just don't use mysql_connect!

Switch to mysqli or pdo.

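Anyway, to hide/suppress deprecated warnings you may use this at the top of the page:

// Report everything except deprecation notices.
error_reporting(E_ALL ^ E_DEPRECATED);
// Turn off all error reporting; this call replaces the level set above.
error_reporting(0);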