PHP Mysqli login form - Help

Jpergega
Forum Newbie
Posts: 3
Joined: Sat Feb 15, 2014 9:29 am

PHP Mysqli login form - Help

Post by Jpergega »

Hi, I am trying to build a login form for my website, but the code keeps giving me errors. I have made them bold:

<?php
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    //connect to database
    $con=mysqli_connect("localhost","root","","") or die();
    //execute query
    $query ="SELECT Username, Password from `useraccount` where Username= '$_POST[Username]'and Password='$_POST[Password]'";
    $result= \mysqli_query($query);
    while($row = mysqli_fetch_array($result))
    {
        if($_POST['Username']==$row['Username'] && $_POST['Password']==$row['Password'])
        {

            header("Location:account.php");
        }
        else
        {
            echo "You got credentials wrong";
        }
    }

}

?>

Also is it correct if I put the code below in the account.php?
<?php

session_start();

echo "Welcome ". $_SESSION['username'];

?>
<?php

session_destroy();

header("Location:login.php");

?>
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: PHP Mysqli login form - Help

Post by Celauran »

Take some time to look through the MySQLi documentation.

Code:

$con=mysqli_connect("localhost","root","","") or die();

Here you're telling it to connect to localhost as root with no password (!) and to use no database. You really need to specify that fourth argument before anything is going to work.
http://ca1.php.net/manual/en/mysqli.construct.php

Code:

$query ="SELECT Username, Password from `useraccount` where Username= '$_POST[Username]'and Password='$_POST[Password]'";

You're passing unsanitized user data directly into your query. This will end in tears. Either escape your inputs or, better still, use prepared statements. This also suggests you're storing passwords in plain text, which you really shouldn't be doing. Hash your passwords before storing them. When a user tries to log in, hash the password they provided and compare the hashes.

Code:

$result= \mysqli_query($query);

mysqli_query requires two arguments; the connection to use, and the query to run, in that order. You're only providing one argument.
http://ca1.php.net/manual/en/mysqli.query.php
"but the code keeps giving me errors"

In future, please post the errors you're getting. It makes troubleshooting these things much easier.
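
The fixes described in the reply above, combined into one login handler, as an added example that is not part of the original thread. The database name `mysite`, the `app_user` account and its placeholder password, and a `Password` column that holds `password_hash()` output are assumptions.

```php
<?php
// Added example, not code from the thread.
// Assumptions: database "mysite", non-root account "app_user", and a
// Password column that stores the output of password_hash().
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Raise exceptions on connection/query failure instead of failing silently.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    // The fourth argument selects the database to use.
    $con = mysqli_connect('localhost', 'app_user', 'placeholder-password', 'mysite');

    // Accept only plain strings; array input such as Username[]=x is discarded.
    $username = is_string($_POST['Username'] ?? null) ? $_POST['Username'] : '';
    $password = is_string($_POST['Password'] ?? null) ? $_POST['Password'] : '';

    // Prepared statement: the username is bound as data, never spliced into SQL.
    // The password is not part of the query; only its stored hash is fetched.
    $stmt = mysqli_prepare(
        $con,
        'SELECT Username, Password FROM `useraccount` WHERE Username = ?'
    );
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $dbUser, $dbHash);
    $found = mysqli_stmt_fetch($stmt);   // true if a row was fetched, null if none
    mysqli_stmt_close($stmt);
    mysqli_close($con);

    // password_verify() hashes the submitted password with the salt embedded
    // in the stored hash and compares the two in constant time.
    if ($found === true && password_verify($password, $dbHash)) {
        session_regenerate_id(true);          // fresh session id after login
        $_SESSION['username'] = $dbUser;      // read later by account.php
        header('Location: account.php');
        exit;                                 // stop before any output is sent
    }

    // One message for both "no such user" and "wrong password".
    echo 'You got credentials wrong';
}
```

Rows for this handler are created at registration time with `password_hash($password, PASSWORD_DEFAULT)`; existing plain-text values in the `Password` column will not verify.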