My PHP code gives an error. My idea was to just check if the username and password exists in the database and then redirect it to the URL.
enter code hereI have two pages created. One is index and other is redirect. Redirect code is giving problem.
<!DOCTYPE html>
<html>
<body>
<?php
//echo $_POST['uname'];
//echo $_REQUEST['uname'];
$uname=$_POST['uname'];
$pwd=$_POST['pwd'];
//echo $_POST['pwd'];
//echo $_REQUEST['pwd'];
//echo $uname;
//echo $pwd;
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db_found=mysql_select_db("sn", $con);
//$result = mysql_query("SELECT fname,password FROM udata");
if ($db_found)
{
$result = mysql_query("SELECT fname,password FROM udata");
while ( $db_field = mysql_fetch_assoc($result) )
{
if ($db_field['uname']==$uname && $db_field['password']==$pwd)
header( 'Location: www.youtube.com' ) ;
/*print $db_field['fname'] . "<BR>";
print $db_field['lname'] . "<BR>";
print $db_field['uname'] . "<BR>";
print $db_field['password'] . "<BR>";
*/
}
mysql_close($con);
}
else
{
print "Database NOT Found ";
mysql_close($db_handle);
}
?>
</body>
</html>
Please help me with this.
I think you have to change this:
if ($db_field['uname']==$uname && $db_field['password']==$pwd)
to this:
if ($db_field['fname']==$uname && $db_field['password']==$pwd)
Your code is full of errors. Properly indenting it should show some missing opening/closing braces: you should be able to find them yourself!
Furthermore, you directly start to output the HTML page. But, later on you use
header( 'Location: www.youtube.com' ) ;
if the username and password are correct to redirect the browser to another page. You cannot send HTTP headers after you started to output the HTML page already (without some advanced tricks)
After the redirect you need to stop the program flow (as it does not matter anymore) using exit().
Assuming you have multiple users in your udata table, you need to add search conditions to the query. There are many possibilities, this is one:
$result = mysql_query("SELECT password FROM udata WHERE fname='$uname'");
Now you can check if this returned a record (if not the user does not exist) and whether the password is correct.
Note: directly using the $_POST[] values makes your application vulnerable SQL injection attacks (amongst others). You need to sanitize these inputs.
Additional note/pro-tip: Directly stores passwords in your database is a bad-thing(tm). Instead use hashes and salt (look it up with your favorite search engine)
As already commented by njk you should not use the depreciated mysql_* functions anymore.
You are missing a couple of { and you should add exit(); after your header('Location: www.youtube.com');
<?php
$uname=$_POST['uname'];
$pwd=$_POST['pwd'];
$con = mysql_connect("localhost","root","root");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
$db_found=mysql_select_db("sn", $con);
if ($db_found) {
$result = mysql_query("SELECT fname,password FROM udata");
while ( $db_field = mysql_fetch_assoc($result) ) {
if ($db_field['fname']==$uname && $db_field['password']==$pwd) {
header('Location: www.youtube.com');
exit();
}
}
mysql_close($con);
} else {
print "Database NOT Found ";
mysql_close($db_handle);
}
?>