Reputation: 77
I have a form file named form1.php
<?PHP
//form.php
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
<title>form</title>
</head>
<body>
<?PHP if (isset ($_SESSION["notfound"])) { ?>
<h2 style="text-align:center">Wrong user name or password</h2>
<?PHP unset($_SESSION["notfound"]);}
if (isset ($_SESSION["empty"])) {?>
<h2 style="text-align:center">Empty</h2>
<?PHP unset($_SESSION["empty"]); }?>
<form name="signin" action="http://localhost/M1.php" method="post">
<table>
<tr>
<td>
<label>
Username<input type="text" name="name" size="32"/>
</label>
</td>
<td>
<label>
Password <input type="password" name="pass" size="32"/>
</label>
</td>
<td>
<input type="submit" value="Login" />
</td>
</tr>
</table>
</form>
and control file M1.php
<?php
$name=$_POST["name"];
$pass=$_POST["pass"];
if((!empty($name)) && (!empty($pass)))
{
    session_start();
    if($conection=mysql_connect("localhost","","")===false)
        die("not connect to data base");
    if(mysql_select_db('login',$conection) ===false)
        die("data base not found");
    $sql =sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ",mysql_real_escape_string($name));
    $dbpass=mysql_query($sql);
    if ($dbpass==$pass)
    {
        $_SESSION["authenticated"]=true;
        header("Location: http://localhost/home.php");
        exit;
    }
    else //if ($dbpass===false)
    {
        $_SESSION["notfound"]=true;
        header("Location: http://localhost/form1.php");
        exit;
    }
}
else
{
    $_SESSION["empty"]=true;
    header("Location: http://localhost/form1.php");
    exit;
}
?>
I am using XAMPP to run them. I have a database login which contains a table signin. When I fill in the form with the same user name and password that I saved in the signin table and click submit, it returns me to form1.php with the session 'notfound', and when I submit an empty form it returns me without setting the empty session.
Upvotes: 2
Views: 113
Reputation: 1036
It's firstly a good time to make use of PDO or mysqli rather than using mysql, which is deprecated in the latest PHP version.
While passing the db connection values, I feel you missed out the username & password, which should help you connect to the database.
Later, mysql_query("SELECT_QUERY"); returns a result object, whose values should be read by mysql_fetch_assoc(), which returns the db row in associative array form.
Finally, your code should look like:
$sql = sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ", mysql_real_escape_string($name));
$result = mysql_query($sql);            // result resource, not the password itself
$dbpass = mysql_fetch_assoc($result);   // first row as an associative array
$dbpass = $dbpass['password'];          // stored password for this username
if ($dbpass == $pass)
{
    $_SESSION["authenticated"] = true;
    header("Location: http://localhost/home.php");
    exit;
}
else //if ($dbpass===false)
{
    $_SESSION["notfound"] = true;
    header("Location: http://localhost/form1.php");
    exit;
}
Upvotes: 0
Reputation: 23480
You are not fetching data from the database, and you make a condition based on the executed query = $pass, which will always be false, so change to
$dbpass = mysql_query($sql);              // result resource
$result = mysql_fetch_array($dbpass);     // fetch the matching row
$passw = $result['password'];
if ($passw == $pass)
{
    // logged
}
As a side note I would say a couple of things. First, I notice you sanitized your input, which is a good practice, but you really should switch to prepared statements with either PDO or mysqli so you will avoid any risk of mysql injection, also because mysql_* functions are deprecated. Second, saving a password in plain text in the database is a very bad practice; you should really encrypt it and save a hash of the password in the database. There is a nice post about that here. Furthermore, I think that session_start(); should be placed at the top of your file to work correctly.
Upvotes: 1
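The prepared-statement and password-hash approach recommended in the answer above, as an added example that is not part of any answer in this thread. Assumptions: an in-memory SQLite database (pdo_sqlite extension) stands in for the MySQL `login` database so the script runs offline, and `check_login` and `DUMMY_HASH` are hypothetical names; the `signin` table and its columns follow the question.

```php
<?php
// Added example: PDO prepared statement + password_hash()/password_verify().
// Assumption: SQLite in memory replaces the MySQL `login` database.
// The sample user, password and test inputs below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE signin (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration side: store only a salted hash, never the plain password.
$insert = $pdo->prepare('INSERT INTO signin (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash of a throwaway value, verified when the user does not exist so that
// both failure paths do a comparable amount of work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

/**
 * Returns true only if $name exists and $pass matches the stored hash.
 */
function check_login(PDO $pdo, $name, $pass)
{
    // Non-string input (e.g. name[]=x in the POST body) is rejected outright.
    if (!is_string($name) || !is_string($pass) || $name === '' || $pass === '') {
        return false;
    }
    // The value is bound as a parameter, so it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT password FROM signin WHERE username = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    if ($hash === false) {
        password_verify($pass, DUMMY_HASH);
        return false;
    }
    return password_verify($pass, $hash);
}

// Constructed inputs: valid login, wrong password, unknown user, and a
// quote-laden name that the bound parameter treats as plain data.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['bob', 'correct horse'],
    ["' OR '1'='1", 'x'],
];
foreach ($cases as $c) {
    printf("%-14s %s\n", $c[0], check_login($pdo, $c[0], $c[1]) ? 'accepted' : 'rejected');
}
```

Under XAMPP the DSN would become `mysql:host=localhost;dbname=login` with a real MySQL account, and the `password` column must be wide enough for the hash (the PHP manual suggests 255 characters).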
Reputation: 67
What's the error you're getting?
Anyway, how do you connect through your database? I see you have put the username and password as an empty string. You should try to put in a user/pass of an existing user:
mysql_connect syntax:
mysql_connect(host,username,password,newlink,clientflag)
example:
mysql_connect("localhost","root","")
or
mysql_connect("localhost","root","password")
Upvotes: 0