Data from HTML to PHP is always null

Question

I am working to a register login page with php and html. But my php code cannot see the data sent from php. Down are my html and php files.

<html>
<head>
    <meta charset="utf-8">
    <link href = '../css/login.css' rel = 'stylesheet'>
    <title> Login </title>
</head>
<body>
    <form action="../php/login.php" method="post">
    <input id = "loginButton" type="image" src ="../images/loginAndRegister.gif" alt="submit">
    <div class = "panel">

        <p> Login </p>
        <br>
        <br>
        <label> username </label>
        <br>
        <input type = "text" name = "username" required>
        <br>
        <label> password </label>
        <br>
        <input type = "password" name = "password" required>
        <br>
    </div>
    </form>
</body>
</html>

<html>
    <body>
    <?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "dark_souls";

    $conn = new mysqli($servername, $username, $password, $dbname);
    if ($conn->connect_error) {
      die("Connection failed: " . $conn->connect_error);
    }
    $user = isset($_POST['username']) ? $_POST['username'] : NULL;
    $pass = isset($_POST['password']) ? $_POST['password'] : NULL;
    echo $user;

    $sql = "SELECT * FROM users WHERE username = '".$user."' AND password = '".$pass."'";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
      header("Location: ../templates/Home.html");
    } else {
      echo "Wrong Credentials";
    }
    ?>

    </body>
    </html>

I have writted that "echo $user" in the php code just to check if it is working. The problem is that I used EXACTLY the same code for register ant there it worked. Help please!

Your code is vulnerable to **sql injection** so use **prepared statements with parameters** instead see https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php and **don't store passwords in plain text** use php hashing for that https://www.php.net/manual/en/book.password.php — nbk, May 17 '20 at 14:41
@Dharman Thank you for the advice. Can I do this also for inserting a password in the database. For register for example. Or it is a different procedure? — Mett, May 19 '20 at 16:50

score 0 · Accepted Answer · answered May 17 '20 at 14:39

0

It might be because the form doesn't have a submit button.

<input type="submit" value="Submit">

answered May 17 '20 at 14:39

Netplan

16

user has a button – nbk May 17 '20 at 14:43
@nbk Image inputs won't process POST arrays. So the answer stands to be right. – Funk Forty Niner May 17 '20 at 15:01
@fthe code calls login.php with a username and password, it is bad programmed, but it works essentially even without the code provided in this answer – nbk May 17 '20 at 15:12

Data from HTML to PHP is always null

1 Answers1