I have created two text fields using HTML and I want to process that text into my database.

Using PHP I want to validate that data and also send it to the database, but my problem is that the data I've entered in the fields is not being processed into the database.

My code is as follows:

```php
<form action="index.php" method="post">
<b>username:</b><input type="text" name="textbox1"/>
<b>password:</b><input type="password" name="textbox2"/>
<input type="submit" value="submit">
<?php
if (isset($_POST['textbox1']) && isset($_POST['textbox2']))
{
    $conn_error = 'couldnot connected';
    $mysql_user = 'root';
    $mysql_pass = '';
    $mysql_host = 'localhost';
    $mysql_db   = 'yep_recharge';
    $textbox1   = $_POST['textbox1'];
    $textbox2   = $_POST['textbox2'];
    if (empty($textbox1) && empty($textbox2))
    {
        echo 'required field';
    }
    if (!empty($textbox1) && !empty($textbox2))
    {
        $query = "SELECT `ID` FROM `yep_registration` WHERE `USERNAME`='$textbox1' AND `PASSWORD`='$textbox2'";//"SELECT `ID` from `yep_registration` WHERE `USER-NAME`='$textbox1' and `PASSWORD` = '$textbox2'";
        if ($query_run = mysql_query($query))
        {
            $query_num_rows = mysql_num_rows($query_run);
            if ($query_num_rows == 0)
            {
                echo 'Invalid User Name And Password:';
            }
            else if ($query_num_rows == 1)
            {
                echo 'ok';
            }
        }
    }
}
?>
</form>
```
Danny Beckett
user1918566
  • Are you getting any sql error? – Nikola R. Jun 01 '13 at 03:28
  • Is it printing any of the php messages ? – Rodrigo Jun 01 '13 at 03:29
  • no...the data I've entered is not showing in the database after clicking submit button...but in case if I remove the action attribute in the form I was processing that data I've entered in that fields – user1918566 Jun 01 '13 at 03:30
  • [Please, don't use `mysql_*` functions in new code](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – John Conde Jun 01 '13 at 03:30
  • **Never** store passwords as raw text data in the database. You should use the crypt function (discussion here http://stackoverflow.com/questions/3820977/am-i-using-phps-crypt-function-correctly). – Fallexe Jun 01 '13 at 03:31
  • What exactly is happening? Do you get a blank screen? An error message? Can you never log in? Does it always log in no matter what you enter? Do you check the return values from your queries to make sure they're working? Do you know about the gaping SQL injection vulnerability in your code? – andrewsi Jun 01 '13 at 03:31
  • no it was not printing anything – user1918566 Jun 01 '13 at 03:31
  • What is the name of this file ?? Try to put in your action attribute. – Rodrigo Jun 01 '13 at 03:41

3 Answers

Have you connected to the database? You could use the resource handle with some of your mysql functions:

```php
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
```

So that you can:

```php
$query = mysql_query('query', $db);
```

(You don't actually need to use the resource handle in the query call. PHP will assume to use the most recently opened db connection)

Milan

You should escape strings first to avoid SQL Injection

```php
$textbox1 = mysql_real_escape_string($textbox1);
$textbox2 = mysql_real_escape_string($textbox2);
$query = "SELECT ID FROM `yep_registration` WHERE USERNAME='$textbox1' AND PASSWORD='$textbox2'";
```

Use `$query_run = mysql_query($query) or die(mysql_error())` to see what's going on

Nikola R.

Apart from being open to SQL injections, as @Nikola pointed out, you should never store passwords in the clear.

You should not use a simple hash function like MD5 to store your password either (not even salted MD5, nor SHA1, nor SHA256, nor SHA512). Use something good like BCrypt or Crypt/SHA512. More details here.

LexLythius
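The advice in the comments and answers above (prepared statements through PDO, and a bcrypt hash instead of a plaintext or MD5 password) combined into one login flow, as an added example that is not code from any of the posters. It assumes PHP 5.5 or later with `pdo_sqlite`, using an in-memory SQLite database in place of the question's MySQL server so it runs offline; the table and column names follow the question, while the `register()` and `login()` helpers and the sample credentials are constructed for illustration.

```php
<?php
// Added example, not from the original posts. Assumes PHP >= 5.5 with pdo_sqlite;
// an in-memory SQLite database stands in for the question's MySQL server.
// With MySQL only the DSN changes, e.g.
// 'mysql:host=localhost;dbname=yep_recharge;charset=utf8mb4' plus user and password.
$pdo = new PDO('sqlite::memory:');
// Throw exceptions on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE yep_registration (
    ID INTEGER PRIMARY KEY,
    USERNAME TEXT UNIQUE NOT NULL,
    PASSWORD TEXT NOT NULL)');

// Hypothetical helper: store a bcrypt hash, never the password itself.
function register(PDO $pdo, $username, $password)
{
    // password_hash() generates a random salt and embeds it in the result.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare('INSERT INTO yep_registration (USERNAME, PASSWORD) VALUES (?, ?)');
    $stmt->execute(array($username, $hash));
}

// Hypothetical helper: look the user up with a bound parameter, then verify
// the hash in PHP. Returns the user's ID on success, false otherwise.
function login(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT ID, PASSWORD FROM yep_registration WHERE USERNAME = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    return password_verify($password, $row['PASSWORD']) ? (int) $row['ID'] : false;
}

// Constructed sample data.
register($pdo, 'alice', 'correct horse battery staple');

// Valid credentials.
var_dump(login($pdo, 'alice', 'correct horse battery staple'));
// Wrong password for an existing user.
var_dump(login($pdo, 'alice', 'wrong'));
// Quote characters in the input are bound as data, so they cannot alter the query.
var_dump(login($pdo, "alice' OR '1'='1", "x' OR '1'='1"));
```

Because the password comparison happens in `password_verify()` rather than in the `WHERE` clause, the query never contains the password at all, and the stored value is useless to anyone who reads the table.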