PLEASE dont comment on here telling me about my SQL injections, I already know :)…
Every time I use my login.html page (which is linked to the login.php file) the code generates the following message: ‘Please enter a valid username and a password!’
The code was working fine earlier so i’m not sure what i have done wrong …
The code is below :
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","user_ben","password") or die ("Couldn't Connect!");
mysql_select_db("user_phplogin"); //select database
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($query))
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
// check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
echo "Youre in! <a href='members.php'> Visit your user profile! </a>";
}
else
{
echo "Incorrect Password! <a href='login.html'> Return to login page</a>";
}
}
else
{
die("That user doesnt exist! <a href='login.html'> Return to login page</a>");
}
}
else
{
die("Please enter a valid username and a password! <a href='login.html'> Return to login page</a>");
}
?>
This is my form code…
<form action='login.php' method='submit'>
Username: <input type='text' name='username'/><br>
Password: <input type='password' name='password'/><br>
<input type='submit' value='Log In'/>
</form>
check like
it will check not empty also username and password is set
and
since it default is
GET(it mean if you dont type method it will be GET)also you are using
method="submit"there isn’t any submit methodw3 form:17.3 The FORM element