I keep receiving multiple error messages when i try to pull my username and pass
ID: 3600068 • Letter: I
Question
I keep receiving multiple error messages when i try to pull my username and password from my database table.
Notice: Undefined index: user in C:wamp64wwwWebsitesloginprocess.php on line 3
Notice: Undefined index: pass in C:wamp64wwwWebsitesloginprocess.php on line 4
Notice: Undefined variable: localhost in C:wamp64wwwWebsitesloginprocess.php on line 8
Notice: Undefined index: $username in C:wamp64wwwWebsitesloginprocess.php on line 8
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:wamp64wwwWebsitesloginprocess.php on line 8
Notice: Undefined index: $password in C:wamp64wwwWebsitesloginprocess.php on line 9
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:wamp64wwwWebsitesloginprocess.php on line 9
Fatal error: Uncaught Error: Call to undefined function mysql_query() in C:wamp64wwwWebsitesloginprocess.php:20 Stack trace: #0 {main} thrown in C:wamp64wwwWebsitesloginprocess.php on line 20
Process.php
<?php
//get values to pass from form in login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//Prevent mysql injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($localhost,$_POST['$username']);
$password = mysqli_real_escape_string($_POST['$password']);
//connect to database
$user = "root";
$pass = "MONAMAKER";
$db = "login";
$db = new mysqli('localhost', $user, $pass, $db) or die("Unable to connect");
//Query the database for user
$result = mysql_query("select * from users where username = '$username' and password = '$password'")
or die("Failed to query database".mysql_error());
$row = mysql_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password){echo "Login Successful!!!";
}else{
echo "Failed to login";}
?>
login.php file
<html>
<head>
<title> Login Page</title>
</head>
<body>
<div id="frm">
<form action="process.php" method="POST">
<p>
<label>Banner ID:</label>
<input type ="text" id="user" name="user"/>
</p>
<p>
<label>PIN (6 digits):</label>
<input type ="password" id="pass" name="pass"/>
</p>
<p>
<input type ="submit" id="btn" name="Login"/>
</p>
</form>
</body>
</html>
Explanation / Answer
process.php:
----------------
<?php
//get values to pass from form in login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//Prevent mysql injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($localhost,$_POST['$username']);
$password = mysqli_real_escape_string($_POST['$password']);
//connect to database
$user = "root";
$pass = "MONAMAKER";
$db = "login";
$mysqli = new mysqli('localhost', $user, $pass, $db) or die("Unable to connect");
//Query the database for user
$result = $mysqli->query("select * from users where username = '$username' and password = '$password'")
or die("Failed to query database".mysql_error());
$row = $result->fetch_assoc();
if ($row['username'] == $username && $row['password'] == $password){echo "Login Successful!!!";
}else{
echo "Failed to login";}
?>
I have changed the following lines in the 'process.php' file.
$mysqli = new mysqli('localhost', $user, $pass, $db) or die("Unable to connect");
$result = $mysqli->query("select * from users where username = '$username' and password = '$password'")
$row = $result->fetch_assoc();
Why because, we are using 'new mysqli' to connect the database instead of 'mysql_connect'. So we have to use 'mysqli' API for executing the query and fetching data.
Or else we have to connect the database with 'mysql_connec'.