0

I've been writing a php code for my project but I'm having trouble reading data from my xampp database. Every time I put my username & password in the the required fields, an error comes up. I want the code to display the next form after I put in the username and the password. The database I'm using is called sales and has a table which has the fields, id, username and password. I'm new to php and if anyone out there can help me correct the code, I'll really appreciate it.

<?php
//Start session
session_start();

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysqli_connect('localhost','root',"");
if(!$link) {
    die('Failed to connect to server: ' . mysqli_error());
 }

  //Select database
   $db = mysqli_select_db( $link,'sales');
   if(!$db) {
    die("Unable to select database");
  }

  //Function to sanitize values received from the form. Prevents SQL injection
  function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysqli_real_escape_string($str);
  }

  //Sanitize the POST values
  $login = clean($_POST['username']);
  $password = clean($_POST['password']);

  //Input Validations
  if($login == '') {
    $errmsg_arr[] = 'Username missing';
    $errflag = true;
  }
  if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
  }

 //If there are input validations, redirect back to the login form
  if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: index.php");
    exit();
  }

  //Create query
  $qry="SELECT * FROM user WHERE username='$login' AND password='$password'";
  $result=mysqli_query($qry);

  //Check whether the query was successful or not
  if($result) {
    if(mysqli_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysqli_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['name'];
        $_SESSION['SESS_LAST_NAME'] = $member['position'];
        //$_SESSION['SESS_PRO_PIC'] = $member['profImage'];
        session_write_close();
        header("location: main/index.php");
        exit();
    }else {
        //Login failed
        header("location: index.php");
        exit();
    }
  }else {
    die("Query failed");
  }
  ?>

Afterwards,it should redirect to this form (index.php) which is located on a different folder. You an download the file here (https://drive.google.com/file/d/1vIuKOtG0v9eZmKEnJQk3LR3-0p6wqtnd/view?usp=sharing)

Improve this question
8
  • What error do you get?... Commented Nov 17, 2019 at 8:15
  • Username missing and Password missing Commented Nov 17, 2019 at 8:25
  • Can you maybe give the full error message? Commented Nov 17, 2019 at 8:27
  • If it's missing, can you include the code for the <form> it's being submitted from. Commented Nov 17, 2019 at 8:29
  • Hi, this is the error (ibb.co/Smschcm) Commented Nov 17, 2019 at 8:40

1 Answer 1

Reset to default
1

try checking if the form submit button has been set using isset() function before validating user input

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I used isset before I posted the question.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.