0

I am trying to make a verification for my $_POST to database on PHP. I noticed something very strange. Whenever i use if(isset($_POST['login_btn'])), it gets authenticated, but when i use if(!empty($_POST['login_btn'])), notice that it never gets authenticated (NO WARNING as normal on !empty()...) But why is it not working on the same code? Isn't it both same and intercgangeable?

Here is my code i tried to get it to work.......Is there a difference in its application and working that i don't know?

if(!empty($_POST['submit'])){
    
    $username = $_POST["username"];
    $password = $_POST["password"];
    
    
    
    include 'dbconnect.php';
    
    $conn = "select * from USERS where password='$password' AND (username='$username')";
    
    $result = mysqli_query($db, $conn);
    
    $projects = array();
    if(mysqli_num_rows($result) == 1) {
        
        $projects || $logged_in_user = mysqli_fetch_assoc($result);
       ...........// other codes
u_mulder
  • 54,101
  • 5
  • 48
  • 64
Coder_Craft
  • 39
  • 3
  • 1
    So `var_dump($_POST['your_button'])` and see it's value. – u_mulder Jun 22 '22 at 10:49
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Jun 22 '22 at 10:53
  • 1
    **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Jun 22 '22 at 10:53
  • Yes, i understand the warning. I just simply put that out there for illustration of my problem. Just a simple illustration of it. – Coder_Craft Jun 22 '22 at 11:02
  • @u_mulder , I got a string(0) "" – Coder_Craft Jun 22 '22 at 11:10

0 Answers0