PHP not recognizing when submit button is pressed?

Question

I'm just learning the PHP basics and I need to create a blog. I've followed a few tutorials but I can't seem to be able to get PHP to recognize when I've pressed the login form I created with HTML.

<?php
session_start(); //keep a session open so no need to relogin
if(isset($_POST['submit'])){ //check to see if submit button is pressed
    $user = $_POST['username'];
    $pwrd = $_POST['pwrd'];
    //add database connection
    include('./includes/db_connect.php');
    if(empty($user) || empty($pwrd)){
        echo 'Please ensure both password and username fields are filled.';
    }else{
        $pwrd = md5($pwrd);
        $query = $db->query("SELECT user_id, username FROM user WHERE username='$user' AND password = '$pwrd'"); //grab username and password from table
        if($query->num_rows ===1) {
            while ($row = $query->fetch_object()) {
                $_SESSION['user_id'] = $row->user_id;
            }
            header('Location : index.php'); //redirt user to index.php
            exit();
        }else{
            echo 'Wrong credentials';
        }
    }
}
?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
</head>
<body>

<div id="container">
    <form action="login.php" method="post">
        <p>
            <label>Username</label><input type="text" name="username" />
        </p>
        <p>
            <label>Password</label><input type="password" name="pwrd" />
        </p>
        <input type="submit" value="LogIn" />
    </form>
</div>
</body>
</html>

When I press log in while both username and password are empty I get nothing instead of 'Please ensure both password and username fields are filled.'

Any help would be appreciated.

score -1 · Accepted Answer · answered Mar 13 '17 at 22:30

-1

You are checking with if(isset($_POST['submit'])){ but there is no field in the form named submit.

Try with, if ($_SERVER['REQUEST_METHOD'] === 'POST') { instead. Or rename the submit button to submit [or something else but remember to fix the check as well]

answered Mar 13 '17 at 22:30

Fallen

4,435
2
26
46

while I didn't downvote this, it should be, because it's bad practice. You can have > 1 form on a page. We often have more than 1, sometimes up to 3, or more. Check for a field in the form you are processing, explicitly. I often use hidden form fields for this purpose. No, I decided that giving weak answers to new users is in fact worth a downvote, so there you have one. Encourage good practices that are robust and don't have to be unlearned in the future. – Lizardx Mar 13 '17 at 22:38
That doesn't make much sense. Clearly there is only one form in the question. Also you can always check for which form was submitted in that block. It is just handling the request type. – Fallen Mar 13 '17 at 22:42
It makes total sense, if you are learning, and you use bad practices, then you have learned a bad habit. What doesn't make sense is to post incomplete answers that can bite someone in the butt in the future because they weren't aware of the fact that what they learned was a bad habit. – Lizardx Mar 13 '17 at 22:44
http://stackoverflow.com/questions/409351/post-vs-serverrequest-method-post – Fallen Mar 13 '17 at 22:53
That seemed to display the missing credentials message but now I'm getting 2 undefined index errors for username and password, lines 4 & 5. Am I missing something? p.s Thanks for letting me know about request method:) – kako50 Mar 13 '17 at 23:13
Okay so I got through that part but now its as if the IF is not working. Whether I fill both fields or not I still get the message to ensure both fields are filled. Any ideas?:/ – kako50 Mar 14 '17 at 00:46
fallen, that link has NOTHING to do with using bad or good practices, absolutely zero. the point is learning how to do it well and robustly to begin with, not using bad hacks that will just backfire as soon as your pages or code gets more complicated. How you can fail to grasp this simple fact is beyond me. However, clearly I'm wasting my time on this particular post, so have at it. – Lizardx Mar 14 '17 at 03:39
You are preaching "best practice" and yet your answer is to do it with `if(isset($_POST['username'])){`. If you are worried that there could be multiple forms, why aren't you worried about the fact that there could be the field 'username' in more than one forms? `if ($_SERVER['REQUEST_METHOD'] === 'POST') {` is a valid way to check if a request was made using POST method, period. – Fallen Mar 14 '17 at 03:59

score -2 · Answer 2 · answered Mar 13 '17 at 22:33

$_POST data comes from the 'name="..."' item. Not type="...". Note that simply checking if POST exists is a risky practice since you can have more than 1 form on the page, so I always use explicit checks of the desired form fields to trigger form handlers.

<?php
session_start(); //keep a session open so no need to relogin
if(isset($_POST['username'])){ //check to see if submit button is pressed
    $user = $_POST['username'];
    $pwrd = $_POST['pwrd'];
    //add database connection
    include('./includes/db_connect.php');
    if(empty($user) || empty($pwrd)){
        echo 'Please ensure both password and username fields are filled.';
    }else{
        $pwrd = md5($pwrd);
        $query = $db->query("SELECT user_id, username FROM user WHERE username='$user' AND password = '$pwrd'"); //grab username and password from table
        if($query->num_rows ===1) {
            while ($row = $query->fetch_object()) {
                $_SESSION['user_id'] = $row->user_id;
            }
            header('Location : index.php'); //redirt user to index.php
            exit();
        }else{
            echo 'Wrong credentials';
        }
    }
}
?>

PHP not recognizing when submit button is pressed?

2 Answers2