0

I use PHP to check the password and re-password. If it is correct, I will enter the data; if it is wrong, I will print a message in the span tag. How do I print errors in a span tag in HTML? Thanks for the help.

<?php
    if(isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["name"]) && isset($_POST["e-mail"])) {
        $accPhone = $_POST["username"];
        $accPasswd = $_POST["password"];
        $accPasswd=md5($_POST['password']);
        $accName = $_POST["name"];
        $accMail = $_POST["e-mail"];
        
        // Compare the submitted values rather than two string literals
        if($_POST["password"] === ($_POST["re-password"] ?? null)) {
            $query = "INSERT INTO accounts(accPhone,accPasswd,accName,accMail,accType) VALUES ('$accPhone','$accPasswd','$accName','$accMail','1')";
            $result = $conn->query($query) or die("Query failed: " . $conn->error);
        } else {
            // print error to span tag in html
        }
    }  
DarkBee
  • This is usually called validation, not necessarily an error. You use HTTP or the session layer along with a header("location: login page"); and present the error in any HTML on that page. Could it be a DIV tag? – Phil Apr 22 '22 at 04:48
  • I plan to use a span tag to validate the error information but don't know how to print that information to the span tag – Nguyễn Khang Apr 22 '22 at 05:18
  • You are open for [SQL injection](https://stackoverflow.com/questions/601300/what-is-sql-injection) – DarkBee Apr 22 '22 at 05:51
  • Hashing functions like MD5, SHA256, etc. should never be used to store passwords as these options are way too insecure to store them. Please have a look at [password_hash](https://www.php.net/manual/en/function.password-hash.php) – DarkBee Apr 22 '22 at 05:52
  • What happens if I fill out the form with a password of: "'); delete * from accounts;". This is the SQL injection DarkBee is referring to. – Joel M Apr 22 '22 at 06:48
  • Could you please append the HTML form which is posting these parameters to your question? – Phil Apr 22 '22 at 13:50

2 Answers

1

Create one variable called $error at the top of the code and keep it null or 0, which will be easy to check in HTML later. Then just assign your error to that variable, and in the HTML part check if that variable is not null or 0 and print it in a span.

<?php
    $error = '';
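    if(isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["name"]) && isset($_POST["e-mail"])) {
        $accPhone = $_POST["username"];
        $accPasswd = $_POST["password"];
        $accPasswd=md5($_POST['password']);
        $accName = $_POST["name"];
        $accMail = $_POST["e-mail"];

        // Compare the submitted values rather than two string literals
        if($_POST["password"] === ($_POST["re-password"] ?? null)) {
            $query = "INSERT INTO   accounts(accPhone,accPasswd,accName,accMail,accType) VALUES ('$accPhone','$accPasswd','$accName','$accMail','1')";
            $result = $conn->query($query);
            // Only report an error when the query actually failed
            if(!$result) {
                $error = "Query failed: " . $conn->error;
            }
        } else {
            // The passwords differ: keep the message for the span below
            $error = "Password and re-password do not match";
        }
    }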
?>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>

    <?= $error != '' ? '<span class="alert alert-danger">'.htmlspecialchars($error).'</span>' : '' ?>

</body>
</html>
DarkBee
0

You can do this simply with the following code:

<?php
if(isset($_POST["username"]) && isset($_POST["password"])
    && isset($_POST["name"]) && isset($_POST["e-mail"])) {
    $accPhone = $_POST["username"];
    $accPasswd = $_POST["password"];
    $accPasswd=md5($_POST['password']);
    $accName = $_POST["name"];
    $accMail = $_POST["e-mail"];
    // Compare the submitted values rather than two string literals
    if($_POST["password"] === ($_POST["re-password"] ?? null)) {
        $query = "INSERT INTO    accounts(accPhone,accPasswd,accName,accMail,accType)
            VALUES ('$accPhone','$accPasswd','$accName','$accMail','1')";
        $result = $conn->query($query)
            or die("Query failed: " . $conn->error);
    } else {
        // $error was never assigned in the snippet as posted, so set it here
        $error = "Password and re-password do not match";
        echo "<span class='alert alert-danger'>". $error ."</span>";
    }
}
?>
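
The comments on the question flag the SQL injection and the MD5 hashing. As an added example (not code from the question or either answer), the same registration check can be written with a prepared statement, `password_hash()`, and an HTML-escaped message in the span. The `registerAccount()` helper, the in-memory SQLite PDO handle standing in for `$conn`, and the sample submission are assumptions made so the script runs on its own.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the page's $conn.
function registerAccount(PDO $db, array $post): string   // hypothetical helper
{
    foreach (['username', 'password', 're-password', 'name', 'e-mail'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return "Missing field: $field";
        }
    }
    // Compare the submitted values, not the literals 'password' and 're-password'.
    if ($post['password'] !== $post['re-password']) {
        return 'Password and re-password do not match.';
    }
    // password_hash() replaces md5(): salted and deliberately slow.
    $hash = password_hash($post['password'], PASSWORD_DEFAULT);
    try {
        // Placeholders keep user input out of the SQL text.
        $stmt = $db->prepare(
            'INSERT INTO accounts (accPhone, accPasswd, accName, accMail, accType)
             VALUES (?, ?, ?, ?, ?)'
        );
        $stmt->execute([$post['username'], $hash, $post['name'], $post['e-mail'], '1']);
    } catch (PDOException $e) {
        error_log($e->getMessage());   // details go to the log, not the page
        return 'Could not create the account.';
    }
    return '';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (accPhone TEXT PRIMARY KEY, accPasswd TEXT,
           accName TEXT, accMail TEXT, accType TEXT)');

// Constructed sample submission; on the real page this would be $_POST.
$post = [
    'username'    => '0900000000',
    'password'    => "pa'ss-1",
    're-password' => "pa'ss-2",
    'name'        => 'Test User',
    'e-mail'      => 'user@example.test',
];
$error = registerAccount($db, $post);
?>
<?php if ($error !== ''): ?>
    <span class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></span>
<?php endif; ?>
```

At login, a hash stored this way is checked with `password_verify()` rather than by re-hashing and comparing strings.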