By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,982 Members | 1,955 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,982 IT Pros & Developers. It's quick & easy.

Login

P: n/a
hi

how to login ...

<form name="form1" method="post" action="">
<input type="text" name="user">
<input type="password" name="id">
<input type="submit" name="Submit" value="Submit">
</form>

In the above form..i want to fetch data from database of mysql ..to
the field of name and id .....when
will enter to the name and id it will compare to mysql fields how to
write to this form code in mysql queries through php..........

May 30 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a
On May 30, 5:24 am, java.i...@gmail.com wrote:
hi

how to login ...

<form name="form1" method="post" action="">
<input type="text" name="user">
<input type="password" name="id">
<input type="submit" name="Submit" value="Submit">
</form>

In the above form..i want to fetch data from database of mysql ..to
the field of name and id .....when
will enter to the name and id it will compare to mysql fields how to
write to this form code in mysql queries through php..........
Arg @ bad english :op

I think what you asked is "how do I use mysql and PHP to grab a
username and password from the database and then check to see if the
information submitted is correct?".

First - let's make a "standards compliant form".

<form name="form1" method="post" action="index.php">
<input type="text" id="user" name="user">
<input type="password" id="pass" name="pass">
<input type="submit" id="Submit" name="Submit" value="Submit">
</form>

You need an action for your form, so the information can be posted
somewhere, and the Name attribute is depricated - but for cross
browser compatability issues it is still best to use it. But it should
always be used with the ID attribute.

I changed the password name and id to "pass" since it makes more
sense.

Now I am assuming you have already made a database, with whatever
structure.

So now all you need is the following.

<?php
/* Connect to the database. */
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
or die('Could not connect: ' . mysql_error());
echo 'Connected successfully';
mysql_select_db('my_database') or die('Could not select database');

/* Get posted information. */
$postUser = (isset($_POST["user"])) ? $_POST["user"] :NULL;
$postPass = (isset($_POST["pass"])) ? $_POST["pass"] :NULL;

/* Now I am going to skip the error checking part of this process, let
me know if you still need help with that. */

/* Perform SQL Query */
$query = "SELECT * FROM my_table WHERE username = $postUser AND
password = $postPass";

$result = mysql_query($query) or die('Query failed: ' .
mysql_error());

/*
This is where you would output a result based on the number of rows
returned.
If the number of rows is greater than 1 you need to rethink your
registration process.
*/
?>

May 30 '07 #2

P: n/a
SterLo wrote:
First - let's make a "standards compliant form".
<form name="form1" method="post" action="index.php">
<input type="text" id="user" name="user">
<input type="password" id="pass" name="pass">
<input type="submit" id="Submit" name="Submit" value="Submit">
</form>
Your changes are no more compliant with HTML standards than the original
was. You've added action="index.php", even though action="" is fine; and
you've added unnecessary id attributes to all the elements, even though
they're not used anywhere.

However, the form will not pass HTML or XHTML validation (not Strict
anyway) because FORM elements are only allowed to have block-level
content, but INPUT elements are inline content.

Instead the following would validate as HTML Strict:

<form name="form1" method="post" action="">
<fieldset>
<legend>Log in</legend>
<input type="text" name="user">
<input type="password" name="id">
<input type="submit" name="Submit" value="Submit">
</fieldset>
</form>

or as XHTML:

<form name="form1" method="post" action="">
<fieldset>
<legend>Log in</legend>
<input type="text" name="user" />
<input type="password" name="id" />
<input type="submit" name="Submit" value="Submit" />
</fieldset>
</form>

Your PHP is potentially dangerous, perhaps allowing SQL injection.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 95 days, 22:53.]

Non-Intuitive Surnames
http://tobyinkster.co.uk/blog/2007/0...tive-surnames/
May 30 '07 #3

P: n/a
Look - I understand your concern for a piece of code that I generated
in 30 seconds.
I don't think you follow my logic on how forms are supposed to work.
Go here: http://www.quirksmode.org/oddsandends/forms.html

The code that I wrote will most definitely pass a test from
validator.w3.org, if you don't believe me you can check it out.

But regardless - it was not even the point of his question to be HTML
compliant, he just wanted the concept of how to log-in.

The PHP isn't the most solid code, but I would be very surprised if
anyone performed an SQL injection on it.

Notice:
"/* Now I am going to skip the error checking part of this process,
let
me know if you still need help with that. */ "

Any decent error checking and character stripping/adding would solve
most if any security risks.

Thanks for being a self opinionated guru :op

May 31 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.