Jazzy 1012
asked on
Getting info from database not working
This is page1:
This is page2:
<?php
session_start();
if(isset( $_SESSION['id']))
{
header("Location: home.php");
}
?>
<!DOCTYPE HTML>
<html>
<head>
<link href="//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css" rel="stylesheet">
<link href = "http://fonts.googleapis.com/css?family=Roboto:400">
<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet">
</head>
<body>
<style>
{
background-color:#fff;
-webkit-font-smoothing: antialiased;
font: normal 14px Roboto,arial,sans-serif;
}
.container {
padding: 25px;
position: fixed;
}
.form-login {
background-color: #EDEDED;
padding-top: 10px;
padding-bottom: 20px;
padding-left: 20px;
padding-right: 20px;
border-radius: 15px;
border-color:#d2d2d2;
border-width: 5px;
box-shadow:0 1px 0 #cfcfcf;
}
h4 {
border:0 solid #fff;
border-bottom-width:1px;
padding-bottom:10px;
text-align: center;
}
.form-control {
border-radius: 10px;
}
.wrapper {
text-align: center;
}
</style>
<div class="container">
<div class="row">
<div class="col-md-offset-5 col-md-3">
<form action="p2.php" method="post">
<title> Welcome.</title>
<div class="form-login">
<h4>Welcome back!</h4>
<?php
if($_GET['i'])
{
echo "<p class = 'alert alert-danger'> Invalid email or password</p> ";
}
?>
<input type="text" id="email" name= "email" class="form-control input-sm chat-input" placeholder="email" required />
</br>
<input type="password" id="password" name= "password" class="form-control input-sm chat-input" placeholder="password" required />
</br>
<a href="forgot.php">Forgot your Password? </a>
</br>
<div class="wrapper">
<span class="group-btn">
<input type="submit" class= "btn btn-primary btn md" value="Log-in" >
</span>
</div>
</div>
</form>
</div>
</div>
</div>
</body>
</html>This is page2:
<?php
session_start();
$email = $_POST['email'];
$password = $_POST['password'];
if($email=="" || $password == "")
{
header("Location: index.php");
}
//echo $_POST['username'];
require "connection.php";
//echo "Connected successfully";
if(!empty($email) && !empty($password)) {
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$data = mysqli_query($conn,$query);
echo $data;
die;
if(mysql_num_rows($data) > 0 )
{
echo "it works";
}
else {
header("Location: p1.php/?i=1");
exit();
}
}
else {
die("Query failed");
}
$conn->close();
//close connection ASKER
It's okay, I dont need any security holes, I just need it to be able to work from the database
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It looks like the code mixes the MySQLi extension in the query (line 24) and the MySQL extension in the num_rows (line 27).
MySQLi != MySQL
You probably want to use the MySQLi extension consistently throughout your scripts.
If you want to see tested-and-working examples showing how to use MySQLi, this article can help.
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
If you want to learn how to write programs in PHP, this article can lead you to good learning resources, and help you avoid the many obsolete, insecure, or just plain wrong examples that litter the internet.
https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html
And while you say you "dont need any security holes" you're taking unnecessary risks. Follow Julian's advice and clean up your code. One of the risks is that incorrect external inputs can damage your data model. Perhaps the bigger risk is that someday you will want to get a job writing PHP programs. If a potential employer finds that you wrote or accepted code like this, you will be unemployable.
MySQLi != MySQL
You probably want to use the MySQLi extension consistently throughout your scripts.
If you want to see tested-and-working examples showing how to use MySQLi, this article can help.
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
If you want to learn how to write programs in PHP, this article can lead you to good learning resources, and help you avoid the many obsolete, insecure, or just plain wrong examples that litter the internet.
https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html
And while you say you "dont need any security holes" you're taking unnecessary risks. Follow Julian's advice and clean up your code. One of the risks is that incorrect external inputs can damage your data model. Perhaps the bigger risk is that someday you will want to get a job writing PHP programs. If a potential employer finds that you wrote or accepted code like this, you will be unemployable.
@Jasmine Ikhreishi
Please look at Ray's comment above regarding the mysql_num_rows - I would suggest this is where your problem is. If so then can I re-open the question so you can re-grade.
Please look at Ray's comment above regarding the mysql_num_rows - I would suggest this is where your problem is. If so then can I re-open the question so you can re-grade.
ASKER
Yes please re-open that solved my issue.
You should be hashing your passwords (see password_hash) or SHA
You should not be putting POST vars directly into your query
You should consider using prepared statements to prevent SQL injection attacks.
I would address those issues first because I would be very nervous about this code going live.