Elson Elson - 4 months ago 12
SQL Question

my php code doesn't validate data with mysql

I hav a Php code. It connects with the server and database, but it does not validate my form data with mysql database table. I hav same exact code which executes, but the following does not execute.........

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
session_start();
include_once 'dbconnect.php';

if(isset($_SESSION['user'])!="")
{
header("Location: welcome.html");
}

if(isset($_POST['Submit']))
{
$name = $_POST['loginName'];
$upass = $_POST['loginPass'];
$res=mysql_query("SELECT * FROM authen WHERE name='$name'");
$row=mysql_fetch_array($res);

if($row['passwrd']==$upass)
{
$_SESSION['user'] = $row['user_id'];
header("Location: welcome.html");
}
else
{
?>
<script>alert('wrong details');</script>
<?php
}

}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- JavaScript includes
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script> -->
<script src="assets/js/jquery-1.11.3.min.js"></script>
<script src="assets/js/jquery-ui-1.10.4.js"></script>
<script src="assets/js/script.js"></script>

<meta charset="utf-8" />
<link rel="stylesheet" href="assets/css/styles.css" />
<link rel="stylesheet" href="assets/css/jquery.fancybox.css" />
</head>
<body>

<div id="formContainer">
<form id="login" method="post">
<p id="lgnfrm">Login Form</p>
<input type="text" name="loginName" id="loginName" placeholder="User Name" required />
<input type="password" name="loginPass" id="loginPass" placeholder="password" required />
<input type="submit" name="Submit" id="sub" value="Login" />
</form>
</div>

<footer>

</footer>



</body>
</html>


I hav modified the code as directed but still i get the same response, i.e nothing happens

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
session_start();
include_once 'dbconnect.php';

if(isset($_SESSION['user']) && $_SESSION['user'] != "")
{
header("Location: welcome.html");
}

if(isset($_POST['Submit']))
{
$name = mysql_real_escape_string($_POST['loginName']);
$upass = mysql_real_escape_string($_POST['loginPass']);
$res=mysql_query("SELECT * FROM authen WHERE name='$name'");
$row=mysql_fetch_array($res);

if($row['passwrd']==md5($upass))
{
$_SESSION['user'] = $row['user_id'];
header("Location: welcome.html");
}
else
{
?>
<script>alert('wrong details');</script>
<?php
}

}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- JavaScript includes
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script> -->
<script src="assets/js/jquery-1.11.3.min.js"></script>
<script src="assets/js/jquery-ui-1.10.4.js"></script>
<script src="assets/js/script.js"></script>

<meta charset="utf-8" />
<link rel="stylesheet" href="assets/css/styles.css" />
<link rel="stylesheet" href="assets/css/jquery.fancybox.css" />
</head>
<body>

<div id="formContainer">
<form id="login" method="post">
<p id="lgnfrm">Login Form</p>
<input type="text" name="loginName" id="loginName" placeholder="User Name" required />
<input type="password" name="loginPass" id="loginPass" placeholder="password" required />
<input type="submit" name="Submit" id="sub" value="Login" />
</form>
</div>

<footer>

</footer>



</body>
</html>

Answer

isset returns boolean

your code should be

if(isset($_SESSION['user']) && $_SESSION['user'] != "")
{
    header("Location: welcome.html");
}

Or

if(!empty($_SESSION['user']))
{
    header("Location: welcome.html");
}