CODEWITHSUNDEEP
phphtml
Xiong Xu
Xiong Xu

Reputation: 141

Putting html inside PHP

So I was wondering if its possbile to put a html code inside PHP code

I have this nice login page for html but I'm using PHP to help store the username and password.

I want use that login page I have for html with the PHP code I'm using.

I tried searching and people said use echo but for some reason it doesn't work for me.

Any help is appreciated.

PHP Code: 

<?php
   require('config.php');

   if(isset($_POST['submit']))
   {
     $user = mysql_escape_string($_POST['user']);
     $pass = mysql_escape_string($_POST['pass']);

     $check = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass'");
     if(mysql_num_rows($check) >= 1){
     echo "Success";
     exit();
   }
  else{

  echo "Wrong password";
  }
 }
 else{
  <<<<add html code here>>>
   }
?>

HTML Code:

<form action="Home.html" method="POST">
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="user" required>

<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="pass" required>

<button type="submit">Login</button>

</div>

</form>

Upvotes: 2

Views: 4438

Answers (2)

liviu blidar
liviu blidar

Reputation: 361

Are you trying to display the form again on that last else statement? if so just do: 

<?php
   require('config.php');

   if(isset($_POST['submit']))
   {
     $user = mysql_escape_string($_POST['user']);
     $pass = mysql_escape_string($_POST['pass']);

     $check = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass'");
     if(mysql_num_rows($check) >= 1){
     echo "Success";
     exit();
   }
  else{

  echo "Wrong password";
  }
 }
 else{
?>
  <form action="Home.html" method="POST">
  <div class="container">
  <label><b>Username</b></label>
  <input type="text" placeholder="Enter Username" name="user" required>

  <label><b>Password</b></label>
  <input type="password" placeholder="Enter Password" name="pass" required>

  <button type="submit">Login</button>

  </div>

  </form> 
<?php
   }
?>

While this is definetely not the Correct way of doing it, it will do what you want. There are several better ways of doing it which you will learn later on.

Sidenote: I hope this script that you are running is not for a live app/website but for some homework you have where security is not an issue. If this is for a live website then you might aswell not use any login/register script as that can be soooo easily bypassed. just google php secure login and you will find some good examples. Passwords need to be encrypted on the database otherwise they will be compromised. Also try and google PHP form validation, it will give you some insight on what is going on with that sql injection you are vulnerable to. Here's a good link to start: http://phpsecurity.readthedocs.io/en/latest/Input-Validation.html

Upvotes: 2

Adnan
Adnan

Reputation: 111

    <?  if($guest) { ?>
    Show Login Form HTML <?  } ?>



    <?  if($user) { ?>
    Hide Login Form HTML <?  } ?>

just a small hint, i use something like this, check if variables exist to show or hide html, there may be much beter ways to do this.

Upvotes: 0

Related Questions