Value not found in php

Question

For login i'm passing mail id and password from javascript file and i've checked through console.log that the values are printed. But when i echo both values in php only password is showed not the mail. But i can't find any error.Here i'm pasting the php file.

<?php
require_once('DBconnection.php');

ini_set('display_errors', 1);
ini_set('log_errors', 1);

$datamail = $_GET["mailID"];
$datapass = $_GET["psw"];
//$datamail = isset($_GET["mailID"]) ? $_GET["mailID"] : '';

echo $datamail;
echo $datapass;

$login_query = "SELECT * FROM student_table where mail_id = '$datamail' AND password='$datapass'";

//echo $login_query;

$login_res = $db->query($login_query);

if( $login_res->num_rows == 1 ){
//if( $login_res == true ){
    echo "success";
}
else {
    //echo $login_res;
    echo mysqli_error($db);
    exit;
}
$db->close();
?>

Javascrit file Here

    function globalLogin() {
    checkLogInMail();
    //pageEntry();
}
function checkLogInMail() {
    var mailET = document.getElementById("mailID");
    var mailIdError = document.getElementById("mailIdErr");
    mailID = mailET.value;
    var regex = /^(([^<>()\[\]\.,;:\s@\"]+(\.[^<>()\[\]\.,;:\s@\"]+)*)|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$/i;
    if (!regex.test(mailID)) {
        mailIdError.innerHTML = "Enter a valid Email id";
        //loginFlag = 1;
    }
    else{
        checkmailPass();
    }
}


function checkmailPass() {
    var passET = document.getElementById("psw");
    var passError = document.getElementById("pswErr");

    psw = passET.value;

    console.log(mailID);
    console.log(psw);

    var xhttp = new XMLHttpRequest();
    xhttp.onreadystatechange = function () {
        console.log(this.readyState);

        if(this.readyState == 4 && this.status == 200)
        {
            console.log(this.status);
            var response = xhttp.responseText;
            alert(response);
            if(!response.localeCompare( "success" )){
                document.getElementById("loginErr").innerHTML = "Mail or Password is correct";
                //alert("Successfully logged in :)");
                //window.location.href = "index.html";

            }
            else{
                document.getElementById("loginErr").innerHTML = response;

            }
        }

    }
    xhttp.open("GET", "passwordChecker.php?psw="+psw+"&mailID"+mailID, true);
    xhttp.send();

}

Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). — John Conde, May 01 '17 at 12:21
I looks like you store your passwords in plaintext. NEVER store your passwords in plaintext! — Peter Bruins, May 01 '17 at 12:26

score 2 · Accepted Answer · answered May 01 '17 at 12:25

2

you miss = in your get request in mailID

 xhttp.open("GET", "passwordChecker.php?psw="+psw+"&mailID="+mailID, true);

answered May 01 '17 at 12:25

ScaisEdge

131,976
10
91
107

score 0 · Answer 2 · answered May 01 '17 at 12:27

0

You missed an equal sign '=' in your javascript at your mailid parameter.

answered May 01 '17 at 12:27

Mr Hery

829
1
7
25

Its okay, the important thing is they did get the correct one – Mr Hery May 01 '17 at 12:46
no its not ok because your answer is not look like an answer, it's a comment – lazyCoder May 01 '17 at 13:04
Haha. Okay. Sorry. My fault, i ll make my answer better – Mr Hery May 01 '17 at 13:23

Value not found in php

2 Answers2