HTML
<form type="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
PHP
<?php
require_once 'config.php';
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
I tried switching from MySQL to MySQLi and I'm sure it's related to this. My form is not passing values to the PHP script even if the inputs have a name. Did some research here on StackOverflow and found many questions about forms not passing data but there was usually a typo or a missing name, which is not my case (I think).
(I know that the password is not secured yet, I'll add a SHA256 or something there soon so don't stress about it)
Tried echoing the query and it's just blank where the password and email address should be.
SELECT * FROM `users` WHERE password = '' AND email = ''
I also get this warning:
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\breloc\includes\login.php on line 4
Line 4 in my script is:
$email = mysqli_real_escape_string($_POST['password']);
type="post" to method="post"
mysqli_real_escape_string function.
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
As from Docs, the first parameter must be mysqli resource and it's missing within your code, and also change
<form type="POST">
into
<form method="post">
So your code looks like
mysqli_real_escape_string($link, $_POST['email']); // and repeated at all those occurrences
According to the documentation http://php.net/manual/de/mysqli.real-escape-string.php you must provide the mysqli resource as first parameter of the function.
Make a change to your form tag
<form type="POST">
to
<form method="POST">
You should use method instead of type in your <form> tag, like this:
<form method="POST" action="includes/login.php">
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login" name="submit">
</form>
<?php
require_once 'config.php';
if(isset($_POST['submit'])) {
if(!empty($_POST['email']))
{
$email = mysqli_real_escape_string($link,$_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(!empty($_POST['password']))
{
$password = mysqli_real_escape_string($link,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(!empty($_POST['email']) && !empty($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '".$password."' AND email = '".$email."'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION['login'] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}}
?>
set 'method' not type
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
Don't forget to connect to your db and pass that connection to your mysqli_query and mysqli_real_escape_string functions
<?php
require_once 'config.php';
$con=mysqli_connect("localhost","my_user","my_password","my_db");
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($con, $_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$password = mysqli_real_escape_string($con, $_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
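The login check from this thread written with a mysqli prepared statement and password_verify(), as an added example that is not part of the question or of any answer above. It goes beyond the answers by replacing the escaping and the plain-text password comparison; it assumes config.php defines $link and that the `password` column stores password_hash() output.

```php
<?php
// Added example, not code from the page. Assumptions: config.php defines
// $link (a mysqli connection) and the `password` column of `users` holds
// password_hash() output rather than the plain-text password.
declare(strict_types=1);

require_once 'config.php';
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();   // $_SESSION is only persisted once a session is started
}

/** Return true when $email exists and $password matches its stored hash. */
function check_login(mysqli $link, string $email, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text, so there is no
    // mysqli_real_escape_string() call whose $link argument can be forgotten.
    $stmt = mysqli_prepare($link, 'SELECT password FROM `users` WHERE email = ?');
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    // password_verify() checks the input against the salted hash.
    return $found && is_string($hash) && password_verify($password, $hash);
}

// The fields arrive in $_POST only when the form uses method="POST".
$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';
$valid    = $_SERVER['REQUEST_METHOD'] === 'POST'
    && is_string($email) && $email !== ''
    && is_string($password) && $password !== '';

if ($valid && check_login($link, $email, $password)) {
    session_regenerate_id(true);   // fresh session id after a successful login
    $_SESSION['login'] = 'OK';
    header('Location: ../index.php');
} else {
    header('Location: ../login.php');
}
exit;   // stop executing once the redirect header has been sent
```

Rows for this handler are created by storing password_hash($password, PASSWORD_DEFAULT) at registration; a bare SHA256 digest would not pass password_verify().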