TheRealSoCal

Reputation: 45

PHP is being mis-read and code is being turned into plain HTML text

Curious as to why, when I hit the submit button and the action takes place to go to my PHP page, the page just changes to the action_page.php and has the plain black text of the entire PHP file. Clearly this means that the PHP file isn't being executed, but I cannot for the life of me understand why.

I know PHP is installed as PHP Version 7.0.4, and my server is running just fine.

Here is the php:

 <?php
    //setting variables for connecting to database
    $host     = 'localhost';
    $username = 'root';
    $password = '';
    $db       = 'aquamandb';
    date_default_timezone_set('America/Chicago');

    //connecting to the database
    $connect  = new mysqli($host,$username, $password, $db) or die("Unable to connect");

    //getting the username, and password for sanitizing
    $_US_username = $_POST['username'];
    $_US_password = $_POST['password'];

    //sanitize the variable to remove SQL statements that could drop the database potentially.
    $username     = mysql_real_escape_string($_US_username);
    $password     = mysql_real_escape_string($_US_password);

    $sql      = "SELECT * FROM user WHERE username = '$username' AND password = '$password'";
    $result   = mysqli_query($sql);

    $numrows = mysql_num_rows($result);

    if($numrows > 0)
    {
        while($row = mysqli_fetch_assoc($result))
        {
            echo "id: " . $row["userID"]. " - UserName: " . $row["username"]. " " . $row["password"]. " - Type: " . $row["type"]. "<br>";
        }
    }
    else
    {
        echo "username does not match!";
    }
?>

Here is the html:

     <!DOCTYPE html><!-- login.html -->
<?php include "../php/action_page.php"; ?>
<html>
<head lang="en">
    <meta charset="UTF-8">
    <title>Login</title>
    <link href="css/login_2.css" rel="stylesheet">
</head>
<body>
    <div class="login-form">
        <form id = "login_form" action="php/action_page.php" method ="POST">
                <h1> Login </h1>
                <input type='hidden' name='submitted' id='submitted' value='1' />

                <div class="form">
                <input type ="text" name='username' class="credentials-form" placeholder="Username" id="Username">
            </div>
            <div class="form data">
                <input type ="password" name='password' class="credentials-form" placeholder="Password" id="Password">
            </div>
            <input type='submit' name='Submit' value='Login' class='button'/>
            <button type="button" class="button" id="acc" onclick="location.href='createAccount.html';"><span>Create Account</span></button>
    </form>
</div>

Upvotes: 1

Views: 82

Answers (1)

Sanzeeb Aryal

Reputation: 3266

You are using mysql_* functions in PHP 7. The mysql_* functions are completely removed from PHP 7. To avoid SQL injection, use the code below.

$sql = $connect->prepare("select * from user where username = ? and password=?");
$sql->bind_param("ss",$_US_username,$_US_password);
$sql->execute();
$result=$sql->get_result(); 
$row=$result->fetch_assoc();

Upvotes: 1
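
The answer's prepared statement carried through the rest of the question's action_page.php logic, as an added example that is not part of the original question or answer. It assumes a reachable MySQL server with the question's `aquamandb` database and `user` table; `find_users()` and `h()` are hypothetical helper names.

```php
<?php
// Added example. Assumes the question's `user` table with the columns the
// question echoes (userID, username, password, type).

// Make mysqli throw exceptions. `new mysqli(...) or die(...)` never fires,
// because the constructor returns an object even when the connection fails.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: escape a value for HTML output.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: rows matching the credentials. The values are bound as
// parameters, so quotes in the input stay data and no escaping call is needed.
function find_users(mysqli $connect, string $username, string $password): array
{
    $stmt = $connect->prepare(
        'SELECT userID, username, type FROM user WHERE username = ? AND password = ?'
    );
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs the mysqlnd driver
    $stmt->close();
    return $rows;
}

try {
    $connect = new mysqli('localhost', 'root', '', 'aquamandb');
    $connect->set_charset('utf8mb4');
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep connection details out of the response
    http_response_code(500);
    exit('Unable to connect');
}

$rows = find_users($connect, $_POST['username'] ?? '', $_POST['password'] ?? '');

if (count($rows) > 0) { // replaces the removed mysql_num_rows()
    foreach ($rows as $row) {
        // The password column is neither selected nor echoed.
        echo 'id: ' . h($row['userID']) . ' - UserName: ' . h($row['username'])
           . ' - Type: ' . h($row['type']) . '<br>';
    }
} else {
    echo 'username does not match!';
}
```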
