PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Thu Nov 27, 2014 12:05 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 78 posts ]  Go to page 1, 2, 3, 4, 5, 6  Next
Author Message
 Post subject: Code Issue
PostPosted: Thu Apr 12, 2012 8:40 am 
Offline
Forum Commoner

Joined: Wed Apr 11, 2012 8:54 am
Posts: 50
Location: United States
I'm creating a log-in and this is my code:

Syntax: [ Download ] [ Hide ]
<?php

// error reporting temporarily disabled
error_reporting (E_ALL ^ E_NOTICE);

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{

$connect = mysql_connect("localhost","root","") or die("Could not connect");
mysql_select_db("tracker") or die("Could not find database");
   
}
else
    die("Incorrect information");
?>


I followed a tutorial but something is wrong. If I type in an incorrect database name or any incorrect MySQL information, it says "Incorrect information", which is my else for if the password/user is incorrect. And when I do type in the correct pass/username, it still says Incorrect information. Can you see anything I've blatantly done wrong?


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 8:56 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
You aren't checking if the form has been submitted. When it hasn't, $username and $password contain no value, so your if statement fails and the else is executed.

Perhaps more importantly, any tutorial advocating the use of mysql_connect et al. isn't worth following.

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 8:57 am 
Offline
Forum Commoner

Joined: Wed Apr 11, 2012 8:54 am
Posts: 50
Location: United States
I read your response on the other guy's thread about that. Is it a security concern or just a bad method in general? What method would you use?


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:04 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
It's designed for MySQL 4, is missing features, is no longer developed, and was replaced by MySQLi way back in 2004. That people still use it is mind-boggling. MySQLi is a better option if you'll only be working with MySQL databases. PDO is better still as it offers portability across multiple DBMS without having to rewrite any code.

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:21 am 
Offline
Forum Commoner

Joined: Wed Apr 11, 2012 8:54 am
Posts: 50
Location: United States
Celauran wrote:
It's designed for MySQL 4, is missing features, is no longer developed, and was replaced by MySQLi way back in 2004. That people still use it is mind-boggling. MySQLi is a better option if you'll only be working with MySQL databases. PDO is better still as it offers portability across multiple DBMS without having to rewrite any code.


Well, looks like I'll be reading for a while. :P

In response to your first reply where you said it was not checking to verify submission, I Google'd it and found:

Syntax: [ Download ] [ Hide ]
if($_SERVER['REQUEST_METHOD'] == "POST")


But that didn't seem to work, either.


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:23 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
Syntax: [ Download ] [ Hide ]
<?php

if (!empty($_POST))
{
    if ($_POST['username'] && $_POST['password'])
    {
        // etc
    }
}

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:33 am 
Offline
Forum Commoner

Joined: Wed Apr 11, 2012 8:54 am
Posts: 50
Location: United States
This is the markup after I implemented your code:

Syntax: [ Download ] [ Hide ]
<?php

// error reporting temporarily disabled
error_reporting (E_ALL ^ E_NOTICE);

$username = $_POST['username'];
$password = $_POST['password'];

if (!empty($_POST))
{
    if ($_POST['username'] && $_POST['password'])
    {
    $connect = mysql_connect("localhost","root","") or die("Could not connect");
    mysql_select_db("tracker") or die("Could not find database");
    }
}
   
else
    die("Incorrect information");

?>


Is this correct?


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:39 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
Syntax: [ Download ] [ Hide ]
<?php

/*
 * Turn error reporting off in production code. Turning it off in a development
 * environment just makes debugging harder and provides no benefit. You really
 * ought to set this in your php.ini
 */

error_reporting (E_ALL | E_STRICT);

// This serves no purpose.
// $username = $_POST['username'];
// $password = $_POST['password'];

if (!empty($_POST))
{
    if ($_POST['username'] && $_POST['password'])
    {
        // Better to abstract this away and use an include
        $connect = mysql_connect("localhost","root","") or die("Could not connect");
        mysql_select_db("tracker") or die("Could not find database");
    }
    // Move this inside the $_POST check
    else
        die("Incorrect information");

}

?>

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:49 am 
Offline
Forum Commoner

Joined: Wed Apr 11, 2012 8:54 am
Posts: 50
Location: United States
This is what I have now. I apologize for being so helpless, but I've only started learning; I'm certainly trying to troubleshoot as much as I can.

Syntax: [ Download ] [ Hide ]
<?php

if (!empty($_POST))
{
    if ($_POST['username'] && $_POST['password'])
    {
    $connect = mysql_connect("localhost","root","") or die("Could not connect");
    mysql_select_db("tracker") or die("Could not find database");
    }
    else
        die("Incorrect information");    
}
   
?>


I didn't change the mysql_connect because I have not yet read up on includes, so I'll do that in a little while. Other than that, have I placed my code correctly?


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:51 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
That looks good.

There really isn't much to includes. Cut/paste the mysql_ bit into its own file, then call it when the page loads.
Syntax: [ Download ] [ Hide ]
include 'path/to/file';

Easy peasy.

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:53 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
I'll also note at this point that or die() is fine for development code and debugging, but is completely unacceptable in production code. Be sure to take the time to read up on error and exception handling.

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:54 am 
Offline
Forum Commoner

Joined: Wed Apr 11, 2012 8:54 am
Posts: 50
Location: United States
Celauran wrote:
That looks good.

There really isn't much to includes. Cut/paste the mysql_ bit into its own file, then call it when the page loads.
Syntax: [ Download ] [ Hide ]
include 'path/to/file';

Easy peasy.


Would I use the same code as I used with my existing mysql_connect or would it be a different bit of code? From what I've seen on Google, the difference is basically placing the data into a separate file. If I'm wrong, certainly correct me.

In regards to my file, I am now seeing:

Syntax: [ Download ] [ Hide ]
Notice: Undefined index: username in C:\xampp\htdocs\Tracker\login.php on line 5
Incorrect information


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:57 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
TheHappyPeanut wrote:
Would I use the same code as I used with my existing mysql_connect or would it be a different bit of code? From what I've seen on Google, the difference is basically placing the data into a separate file. If I'm wrong, certainly correct me.

That's right. Straight cut and paste. Again, you don't want to use mysql_ functions, but you can read up on MySQLi/PDO when you have the time.

TheHappyPeanut wrote:
In regards to my file, I am now seeing:

Syntax: [ Download ] [ Hide ]
Notice: Undefined index: username in C:\xampp\htdocs\Tracker\login.php on line 5
Incorrect information

That's my bad.
Syntax: [ Download ] [ Hide ]
if (isset($_POST['username']) && isset($_POST['password']))

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:57 am 
Offline
Forum Commoner

Joined: Wed Apr 11, 2012 8:54 am
Posts: 50
Location: United States
Furthermore, the "Incorrect information" string is still there, even though I 100% used the correct user and password.


Top
 Profile  
 
 Post subject: Re: Code Issue
PostPosted: Thu Apr 12, 2012 9:59 am 
Online
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 3794
Location: Montreal, Canada
TheHappyPeanut wrote:
Furthermore, the "Incorrect information" string is still there, even though I 100% used the correct user and password.

What does this give you?
Syntax: [ Download ] [ Hide ]
var_dump($_POST);

_________________
Stay on top of upgrades.
Supported PHP versions
No longer supported versions


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 78 posts ]  Go to page 1, 2, 3, 4, 5, 6  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: Bing [Bot] and 11 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group