0

I make a webpage and when i press the submit button to my website (which is html) appears my php code and not the website. Yesterday it worked well , but today something's going wrong. I refresh the page and the connection but nothing is change . My filepath is right ,i didn't change anything. Here the html and php code . I connect them with a database in phpMyAdmin via XAMPP .The connection seems to work . Did you know why is this happening?

Thank you in advaned.

<!DOCTYPE html>

<html>
<div>

<form action="database.php" method="post">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<br>
 <h2>Είσοδος Μικροβιολόγου</h2>
 <br>
Παρακαλώ εισάγετε τα στοιχεία σας
 <br>
'Ονομα: 
<input type="text" name="name">
<br>
Επώνυμο: 
<input type="text" name="surname">
<br>

Εισάγετε τον κωδικό ασφαλείας σας  :
<input type="password" name="password">
<br>
<input type="submit" value="Είσοδος"> 

</form>

</div>
</html>  

<!-- And the database.php code -->


<?php
header("content-type: text/html;charset=utf-8");
$connect=new mysqli('localhost','root','','doctor');
 
if($connect->connect_error)
{
  die( 'Failed to connect');
}
else 
 echo 'connect worked<br>';


$name= $_POST['name'];
$surname= $_POST['surname']; 
$password= $_POST['password'];

$sql="SELECT id FROM login WHERE name='$name' AND surname= '$surname' AND password= '$password'";
$result=$connect->query($sql);

if(mysqli_num_rows($result)){
 while($row=$result->fetch_assoc()){
 
     $vid= $row["id"];
 }
}


else{
 echo "Name, surname and password don't match".$row["password"];
}
session_start();  



$_SESSION['id'] = $vid;

 echo"<br>Το id μιρκοβιολογου είναι: ".$vid;
    echo"<br>";

?>
<input  type=button onClick="parent.location='asthenis/login_as/asthenis.html'" value='Σύνδεση Ασθενούς'>
<input type=button onClick="parent.location='asthenis/login_as/sign/sign_as.html'" value='Εγγραφή νέου πελάτη'>
martha t
  • 3
  • 3
  • are you sure that the filename is .php? – ScaisEdge May 19 '17 at 13:14
  • you need to run your PHP under localhost – Junius L May 19 '17 at 13:15
  • `$name= $_POST['name']; ... $sql="SELECT id FROM login WHERE name='$name' ...` **WARNING WARNING! Danger Will Robinson** : https://www.owasp.org/index.php/SQL_Injection – CD001 May 19 '17 at 13:18
  • Yes sure is .php .The problem is that yesterday worked . I didn't change anything . P.s. What is this WARNING WARNING? – martha t May 19 '17 at 13:29
  • warning because you have some serious sql injection problem here – t-n-y May 19 '17 at 13:36
  • Oh yes i know that . B.t.w. i see from another question that maybe the problem is that must access to my file over my webserver using an URL like http://.. but after pressing submit button the url is like file://... . How can i change that? – martha t May 19 '17 at 13:50
  • I just have to write the URL http://localhost/Myfolder/myhtmlfile.html from the beginnig and not just open my html file – martha t May 19 '17 at 14:48

0 Answers0