CODEWITHSUNDEEP
phpmysql
SomeUser
SomeUser

Reputation: 390

Passing value from php to html

Hi I am new to php and I am doing a simple login form in php. the user enters the userid and password. On button click I redirect it to a php page. There i use a simple select query and retrieve number of rows with that userid and password. Now if rows are returned, then its valid and I am redirecting him from there to other pages. If its not, I want to pass a values back to same login page (preferably a boolean value) and use it to enable a label saying invalid credentials.

code in validation php page:

<?php
$user = $_GET['txtUserName'];
$password = $_GET['txtPassword'];
$link = mysql_connect("localhost",username,password);
mysql_select_db(dbname, $link);
$result = mysql_query("SELECT * FROM user_table WHERE user_name='$user' and          password='$password'", $link);
$num_rows = mysql_num_rows($result);
if($num_rows!=0)
{
redirection to other pages  
}
else
{
//code here to pass back to login form
}
?>

I am very much new to php. Trying simple forms.

Upvotes: 0

Views: 136

Answers (5)

Fallen
Fallen

Reputation: 4565

  1. DON'T use GET method to submit a form with sensitive data like password.
  2. instead of submitting the form to another page, submit it to the same page. Put PHP code on top of the page.
  3. Initialize variable say $user = $_POST['txtUserName']. Now let's assume your input box is, <input type ='text' name = 'txtUserName'>, put value='<?PHP echo $user?> attribute in the input box and it will show the value.

Finally, read some tutorial. There are bunch of them out there on internet :-) Wish you very best of luck with PHP :-)

This demo might give you more idea:

<?PHP

    $username = "";
    $password = "";
    $error    = "";

    if($_SERVER['REQUEST_METHOD'] == "POST") {
        $username = $_POST['txtUserName'];
        $password = $_POST['txtPassword'];

        if(/*everything OK*/) {
            // sign the user in
            // redirect to some other page of your choice or not
        } else {
            $error = "Please try again";
        }
    }    
?>

<html>
... html goes here

<?PHP
    if(strlen($error) ) {
        echo $error;
    }
?>
<form action = "" method = "POST">
<input type  = 'text'     name = 'txtUserName' value='<?PHP echo $username?>' />
<input type  = 'password' name = 'txtPassword' />
<input type  = 'submit'  value = 'Sign In' />
</form>
?>
... rest of the html

Upvotes: 2

CyberBoy
CyberBoy

Reputation: 753

Advices

  1. Dont use GET method for password because GET is displayed in the URL. Here is the link for tutorial What is the difference between POST and GET?
  2. Dont use you are new to php so therefore it is the right right time to upgrade to mysqli and PDO in PHP. mysql() function will be soon depreciated from PHP5. Mysqli tutorials.
  3. Your code is vulnerable to SQL injection. Tutorials for SQL injection
  4. Your Code shows that you haven't gone through the general tutorials properly. Reference to the tutorial and if you face problem in your code, then post a question here.

Redirection can be simply done by header() function . header() tutorial

Upvotes: 0

rodix
rodix

Reputation: 425

The straight answer is: 

if($num_rows != 0)
   header("Location: http://myhost/myauthorizedpage.html");
else
   header("Location: http://myhost/loginpage.html");

Although this is a pretty lame security solution. Anyone can just type http://myhost.com/myauthorizedpage.html in their browsers and will be bypassing your login page.

A more reliable solution would include sessions management (http://www.sitepoint.com/php-sessions/) and protecting all the important pages with something like:

if(!isset($_SESSION["user"]))
    header('HTTP/1.0 403 Forbidden');

Upvotes: 0

KruSuPhy
KruSuPhy

Reputation: 39

First thing, you shouldn't pass a username and password value through the GET method. You should use POST, as it doesn't pass through the URL.

As for redirecting to the previous page and sending info, I'm no expert on that. But from what I've read, you should either use a session, or use javascript.

EDIT: Looking at another answer that was posted, you could use header(Location:""") to pass values through the url(i.e header(Location:"someurl.com/somefile.php?var=data") and use the get method on your registration page to check for those variables. If they're present, then you could display the labels informing the user of invalid credentials.

Upvotes: 0

codelover
codelover

Reputation: 317

if($num_rows!=0) { header("location:other-page.php"); } else { header("location:old-page.php"); }

Also use sessions...if username and password does not match,make that sessions to 1 and redirect to old page..There take that value ..Compare if it is set.Then display invalid crediantials

Upvotes: 0

Related Questions