Login

Re: Login

On May 30, 5:24 am, java.i...@gmail .com wrote:Arg @ bad english :op

I think what you asked is "how do I use mysql and PHP to grab a
username and password from the database and then check to see if the
information submitted is correct?".

First - let's make a "standards compliant form".

<form name="form1" method="post" action="index.p hp">
<input type="text" id="user" name="user">
<input type="password" id="pass" name="pass">
<input type="submit" id="Submit" name="Submit" value="Submit">
</form>

You need an action for your form, so the information can be posted
somewhere, and the Name attribute is depricated - but for cross
browser compatability issues it is still best to use it. But it should
always be used with the ID attribute.

I changed the password name and id to "pass" since it makes more
sense.

Now I am assuming you have already made a database, with whatever
structure.

So now all you need is the following.

<?php
/* Connect to the database. */
$link = mysql_connect(' mysql_host', 'mysql_user', 'mysql_password ')
or die('Could not connect: ' . mysql_error());
echo 'Connected successfully';
mysql_select_db ('my_database') or die('Could not select database');

/* Get posted information. */
$postUser = (isset($_POST["user"])) ? $_POST["user"] :NULL;
$postPass = (isset($_POST["pass"])) ? $_POST["pass"] :NULL;

/* Now I am going to skip the error checking part of this process, let
me know if you still need help with that. */

/* Perform SQL Query */
$query = "SELECT * FROM my_table WHERE username = $postUser AND
password = $postPass";

$result = mysql_query($qu ery) or die('Query failed: ' .
mysql_error());

/*
This is where you would output a result based on the number of rows
returned.
If the number of rows is greater than 1 you need to rethink your
registration process.
*/
?>

Re: Login

SterLo wrote:
Your changes are no more compliant with HTML standards than the original
was. You've added action="index.p hp", even though action="" is fine; and
you've added unnecessary id attributes to all the elements, even though
they're not used anywhere.

However, the form will not pass HTML or XHTML validation (not Strict
anyway) because FORM elements are only allowed to have block-level
content, but INPUT elements are inline content.

Instead the following would validate as HTML Strict:

<form name="form1" method="post" action="">
<fieldset>
<legend>Log in</legend>
<input type="text" name="user">
<input type="password" name="id">
<input type="submit" name="Submit" value="Submit">
</fieldset>
</form>

or as XHTML:

<form name="form1" method="post" action="">
<fieldset>
<legend>Log in</legend>
<input type="text" name="user" />
<input type="password" name="id" />
<input type="submit" name="Submit" value="Submit" />
</fieldset>
</form>

Your PHP is potentially dangerous, perhaps allowing SQL injection.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 95 days, 22:53.]

Non-Intuitive Surnames

Re: Login

Look - I understand your concern for a piece of code that I generated
in 30 seconds.
I don't think you follow my logic on how forms are supposed to work.
Go here: http://www.quirksmode.org/oddsandends/forms.html

The code that I wrote will most definitely pass a test from
validator.w3.or g, if you don't believe me you can check it out.

But regardless - it was not even the point of his question to be HTML
compliant, he just wanted the concept of how to log-in.

The PHP isn't the most solid code, but I would be very surprised if
anyone performed an SQL injection on it.

Notice:
"/* Now I am going to skip the error checking part of this process,
let
me know if you still need help with that. */ "

Any decent error checking and character stripping/adding would solve
most if any security risks.

Thanks for being a self opinionated guru :op