Reputation: 665
PHP Error 500 & Post data returns an empty string
So a quick introduction... I'm trying to create a database system for a local website hosted off my computer.
I have this logon script in PHP and I have come across an error that is shown at the bottom on this question.
I am running this on a Debian OS and have PHP5 installed along with Apache2 and MySQL. I am unable to find the error log on both Apache and PHP.
When trying to get '$_POST['Anything']', it returns an empty string.
This is my code:
<?php
ob_start();
$host="localhost";
$username="MySQLUser";
$password="*************";
$db_name="test";
$tbl_name="members";
mysql_connect("$host", "$username", "$password") or die("Cannot connect");
mysql_select_db("$db_name")or die("Cannot select DB");
$myusername=$_POST["vuser"];
$mypassword=$_POST["vpass"];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypassword = md5(md5(md5(md5(md5(md5($mypassword)))))); // This is for tests.
$sql="SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
session_register("vuser");
session_register("vpass");
header("location:login_success.php");
} else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
I even changed
echo "Wrong Username or Password";
to
echo "Wrong Username or Password, $mypassword and $myusername, $_POST['vuser'] and $_POST['vpass']";
And the vuser, vpass are shown as blank spaces. I echo the username and password so I can read it. Basically it's for tests. (This is before it broke)
After I did something, I have no idea what...
This is what I receive:
What I am asking is, why is the $_POST thing not showing the data and what's the problem with the error page?
Upvotes: 0
Views: 547
Answers (2)
Reputation: 2919
Ok..
Don't use "session_register", according to php.net, this function is DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
<?php
// initialize session
session_start();
define('DB_HOST', 'my.host.com');
define('DB_USER', 'youruser');
define('DB_PASS', 'yourpass');
define('DB_NAME', 'dbname');
// connect
mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Cannot connect");
mysql_select_db(DB_NAME) or die("Cannot select DB");
function clean($value)
{
if (get_magic_quotes_gpc()) {
$value = mysql_real_escape_string(stripslashes($value));
} else {
$value = mysql_real_escape_string($value);
}
return $value;
}
$user = isset($_POST['vuser']) ? trim($_POST['vuser']) : null;
$pass = isset($_POST['vpass']) ? trim($_POST['vpass']) : null;
if (!$user || !$pass) {
echo 'Wrong username or password';
die;
}
$user = clean($user);
$pass = clean($pass);
$sql = sprintf("select * from members where username = '%s' and password = '%s'", $user, $pass);
$query = mysql_query($sql);
if ($query) {
$data = mysql_fetch_array($query, MYSQL_ASSOC);
if (sizeof($data) > 0) {
// save sessions...
// redirect...
// user ok
die;
}
}
echo 'Incorrect!';
die;
Upvotes: 0
Reputation: 3778
Not sure since unable to test it now. Little busy, but just try removing the single-quotes around username and password like in the below query:
$sql="SELECT * FROM $tbl_name WHERE Username=$myusername and Password=$mypassword";
or use below:
$sql="SELECT * FROM $tbl_name WHERE Username='". $myusername ."' and Password='" . $mypassword . "'";
Upvotes: 1