Ella Durban Ella Durban - 1 month ago 14
MySQL Question

Sign Up/Log In Form PHP MySQL

Good day!

I have been looking for various solutions on the web but I haven't passed by a single one to solve my problem

Basically I have been making a login system with a registration feature, and everything is working well except when I try to register, it doesn't enter into the database that I have made. Then I tried inserting values into my table, and tried logging in, but all it does was log in even though I did the password wrong.

Here's the database:

+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| studID | int(11) | NO | PRI | NULL | auto_increment |
| fname | varchar(30) | NO | | NULL | |
| lname | varchar(30) | NO | | NULL | |
| address | varchar(80) | NO | | NULL | |
| username | varchar(20) | NO | | NULL | |
| password | varchar(20) | NO | | NULL | |
+----------+-------------+------+-----+---------+----------------+


index.html

<html>
<head>
<title>Welcome!</title>
<style>
</head>
<body>
<form name="form1" method="post" action="login.php">
<div align="center">
<p><img src="images/welcome.jpg" /></p>
<table id="title">
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Log In" /></td>
</tr>
</table>
<p>New here? <a href="signup.php">Register!</a></p>
</div>
</form>
</body>
</html>


login.php

<?php
include("db.php");

session_start();

$username=($_POST['username']);
$password=($_POST['password']);

$result=mysql_query("SELECT count(*) FROM student WHERE username='$username' and password='$password'");

$count=mysql_fetch_array($result);

if($count==0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
?>


and db.php

<?php
$conn = mysql_connect('localhost', 'root', 'ella');
if (!$conn)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("studrecord", $conn);
?>


signup.php (it's quite long, will cut some unnecessary parts)

<html>
<head>
<title>Register</title>
</head>
<body>
<form action="index.html">
<table id="title">
<tr>
<td>First Name:</td>
<td><input type="text" name="fname" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lname" /></td>
</tr>
<tr>
<td>Address:</td>
<td><input type="text" name="address" /></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Sign Up" /></td>
</tr>
</table>
</div>
</form>

<?php
if (isset($_POST['submit']))
{
include 'db.php';

$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$username=$_POST['username'];
$password=$_POST['password'];

mysql_query("INSERT INTO student(fname,lname,address,username,password)
VALUES ('$fname','$lname','$address','$username','$password')");
}
?>
</...


Thank you in advance!

Answer

Looking at your signup.php document, it looks like your form action takes you back to the index.php page. That means the logic of the following PHP code never actually takes place. Use this:

<form action="signup.php" method="post">

instead of <form action="index.html">.

Try changing the form action to the page itself and see if you get data inserted into your table.

Some side notes:

  • As others have said here, the mysql commands are deprecated in current versions of PHP, so either mysqli or PDO would be better to use.
  • Instead of asking for 'SELECT count(*) FROM student WHERE username='$username' and password='$password', it might be better to just ask for the result rows themselves by replacing COUNT(*) with simply *. You may then use mysqli_num_rows to count the rows.
  • I hope I'm not missing anything, but I am a little confused by the logic on your index.php page. You say

    if($count==0){
        // Register a session ...
    } else { 
        // Wrong password/username...
    }
    

    where I think you mean if($count > 0), because you want a row to exist with that username/password combination.

  • If you plan on using database queries extensively in your project, I highly recommend reading the documentation on PDO and prepared statements in particular. This will allow you to largely avoid SQL injection issues and also to more easily prepare flexible queries.

Good luck in your endeavors!

Comments