0

I am currently working on a project, but I'm just stuck on something. I know there are a lot of questions related to this, but I couldn't find any useful information.

I'm new to PHP and I need to write php code which changes pages and doesn't change the URL (i.e if I am going to login.php, the URL should still be home.php) and I need to use the GET method.

I'm sorry if there are some mistakes in my code, but thanks for any help.

Here is my home.php file:

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<link rel="stylesheet" type="text/css" href="Layout.css" />
<link rel="stylesheet" type="text/css" href="Menu.css" />
<meta http-equiv="Content-Type" content="text/html"; charset=utf-8" />
<title> Title </title>
</head>

<body>
<div id="Holder"></div>
<div id="Header"></div>
<div id="NavBar">
<nav>
<ul>
    <li><a href="\home.php"> Home </a> </li>
    <li><a href="\login.php">Login </a></li>
    <li><a href="\register.php">Register </a></li>
    </ul>
 </nav>
</div>
<div id="Content">
<div id="PageHeading">
    <h1> Welcome to HOME page </h1>
</div>
</div>
<div id="Footer"></div>
</body>
</html>

Here is my login.php file:

<?php
session_start();

$db = mysqli_connect ("localhost", "root", "","information1");

 if (isset($_POST['Register'])){
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$sql = "SELECT username, password FROM user WHERE username='$username' AND
 password='$password'";
$base =mysqli_query ($db, $sql);

if (mysqli_num_rows($base) == 1) {
header ("location: nav_menu.php");
 }
else
{
  echo "Passwords does not match";
}
}

?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="Layout.css" />
<link rel="stylesheet" type="text/css" href="Menu.css" />
<meta http-equiv="Content-Type" content="text/html"; charset=utf-8" />
<title> Title </title>
</head>

<body>
<div id="Holder"></div>
<div id="Header"></div>
<div id="NavBar">
<nav>
<ul>
    <li><a href="\home.php"> Home </a> </li>
    <li><a href="\login.php">Login </a></li>
    <li><a href="\register.php">Register </a></li>
    </ul>
 </nav>
</div>
<div id="Content">
<div id="PageHeading">
    <h1> Welcome to HOME page </h1>
</div>
<div id="ContentRight">
<h2> Text2 </h2> </br>
<h6> Text3 </h6 </br>
</div>
<div id="ContentLeft">
<form name ="form2" method="POST" action="login.php">
<div class = "ContentTable">
<table width="400" border="0" align ="left">
<tbody>
<h4> Username: </h4>
<input type="text" name= "username" id="username" required></td>
</tr>
<tr>
<td> &nbsp; </td>
</tr>
<h4> Password: </h4>
<input type="text" name= "password" id="password" required></td>
</tr>
<td><input type="submit" name="Register" id="RegisterButton" value="Register"></td>
</div>
</div>
</form>
<div id="Footer"></div>
</body>
</html>
Joe
  • 4,877
  • 5
  • 30
  • 51
devorye
  • 193
  • 2
  • 16
  • You *can* do this just with `php` but is somewhat complicated and non-essential in most cases. You are better of doing it in `Javascript` using `Jquery` to retrieve the data. – Nytrix Jan 16 '17 at 19:29
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jan 16 '17 at 19:46

0 Answers0