0

I am currently stocked :( basically I am doing a login page There is no problem with the login page but once i submit it... this is my code for my login page. 

<form action= "process.php" method="POST">
Username: <input type="text" id="user" name="username">
Password: <input type="password" id="pass" name="password">
<input type="submit" value="Submit" >

now my process.php however is making the same error..I cant seem to find the problem. Please Help Here is the code

<?php
    $username = $_POST['user'];
    $password = $_POST['pass'];

    //to prevent sql injection
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string ($password);

    //connect to the server and select database
    mysql_connect("localhost","root","");
    mysql_select_db("franklin offshore");

    //query the database for user
    $result = mysql_query("select * from login where username='$username' 
    and password='$password'")
        or die ("Failed to query database ".mysql_error());
    $row = mysql_fetch_array($result);
    if ($row['username'] == $username && $row['password'] == $password)
    {
        echo "LOGIN SUCCESS WELCOME" .$row['username'];
    }
    else
    {
        echo "Failed to LOGIN" ;
    }
?>

This is what it keeps showing

Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string()

Please help

Kim Aleah
  • 23
  • 1
  • 7
  • Most like your hosting uses PHP 7, and mysql_* extension has been completely removed from PHP 7. Also, Your code is open to [SQL injection](https://stackoverflow.com/q/332365/2469308) related attacks. Please learn to use [Prepared Statements](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Madhur Bhaiya Oct 07 '18 at 12:53
  • how can i know if im using php 7..however i have an phpMyAdmin 4.8.3 – Kim Aleah Oct 07 '18 at 16:18
  • If you are on linux, go to terminal and type `php -v` and press enter. You will get the PHP version number – Madhur Bhaiya Oct 07 '18 at 16:22

2 Answers2

0

I recommend to use mysqli (replace mysql with mysqli in your code) and to connect to your database with a variable.

Like this:

$db = mysqli_connect("localhost", "username", "", "database");

Then you have to put $db in your mysqli_query as a parameter.

Here is an example:

$result = mysqli_query($db, "select * from login where username='$username' and password='$password'");
Jakob
  • 1,858
  • 2
  • 15
  • 26
0

Try below... It will work.

<?php
$username = $_POST['user'];
$password = $_POST['pass'];

$username = stripcslashes($username);
$password = stripcslashes($password);

$db = mysqli_connect("localhost","root","","franklin offshore");

$result = mysqli_query($db, "select * from login where username = '$username' and password = '$password'")
                or die("Faild to query database " .mysqli_error());
$row = mysqli_fetch_array($result);
if ($row['username']== $username && $row['password'] == $password){
    echo "Login success!!! Welcome " .$row['username'];
} else {
    echo "Faild to login!";
}

?>

As someone mention in above you need to replace all the mysql with mysqli in your code.

Please refer this link MySQL vs MySQLi when using PHP

And also remove "mysql_real_escape_string" code also.

Thank you.

Nishan
  • 15
  • 4