ID: 3858201 • Letter: C
Question
CheckLogin.php
<?php
session_start();
$host="localhost"; // Host name
$username="Fred"; // Mysql username
$password="Farmer#Fred"; // Mysql password
$db_name="FredBiz"; // Database name
$tbl_name="users"; // Table name
$_SESSION['LoginFail'] ="False"; //login failure sentinel value
// Connect to server and select database.
$con = mysqli_connect("$host", "$username", "$password", "$db_name")or die("cannot connect");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string('$myusername');
$mypassword = mysqli_real_escape_string('$mypassword');
$encrypted_mypassword=md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysqli_query($con,$sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $encrypted_mypassword;
$_SESSION['LoginBool'] = "False";
header("location:DescSelect.php");
}
else {
$_SESSION['LoginFail'] = "True";
header("location:LoginPage.php");
}
mysqli_close($con);
?>
-------------------------------------------------------------------------------
AddUser.php
<?php
$host="localhost"; // Host name
$username="Fred"; // Mysql username
$password="Farmer#Fred"; // Mysql password
$db_name="FredBiz"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select database.
$con = mysqli_connect("$host", "$username", "$password", "$db_name") or die("cannot connect");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);
// encrypt password using MD5 hash
$encrypted_mypassword=md5($mypassword);
$sql="INSERT INTO $tbl_name (username, password) VALUES ('$myusername', '$encrypted_mypassword')";
$result=mysqli_query($con,$sql);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysqli_query($con,$sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$Message= $myusername." your account was created successfully <br> Click your browser's back button to login";
}
else {
$Message= "User was not registered";
}
mysqli_close($con);
?>
<html>
<head>
<title> Fred’s Market Biz Login </title>
<link rel="stylesheet" type="text/css" href="Style.css" />
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<?php
echo $Message;
?>
</body>
</html>
----------------------------------------------------------------------------------
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\AddUser.php on line 20
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\AddUser.php on line 21
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\AddUser.php on line 29
User was not registered
I am having trouble?
Explanation / Answer
The solutions to your problems are provided in the steps below.
1. In object-oriented style we write code like the following:
string mysqli::escape_string ( string $escapestr )
string mysqli::real_escape_string ( string $escapestr )
Whereas in procedural style we write code like the following:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
This function is used to create a legal SQL string that you can use in an SQL statement. The function mysqli_real_escape_string() has two parameters.
string mysqli_real_escape_string ( mysqli $link , string $escapestr ).
If you use the procedural style, you have to provide both a connection and a string:
$name = mysqli_real_escape_string($connection, $name);
2. I have made the required coding and made them bold for your reference. Change the connection name in line 20 and 21 with your connection name.
AddUser.php
<?php
$host="localhost"; // Host name
$username="Fred"; // Mysql username
$password="Farmer#Fred"; // Mysql password
$db_name="FredBiz"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select database.
$con = mysqli_connect("$host", "$username", "$password", "$db_name") or die("cannot connect");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($con, $myusername);
$mypassword = mysqli_real_escape_string($con, $mypassword);
// encrypt password using MD5 hash
$encrypted_mypassword=md5($mypassword);
$sql="INSERT INTO $tbl_name (username, password) VALUES ('$myusername', '$encrypted_mypassword')";
$result=mysqli_query($con,$sql);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysqli_query($con,$sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){ // exactly one matching row means the INSERT succeeded
$Message= $myusername." your account was created successfully <br> Click your browser's back button to login";
}
else {
$Message= "User was not registered";
}
mysqli_close($con);
?>
<html>
<head>
<title> Fred’s Market Biz Login </title>
<link rel="stylesheet" type="text/css" href="Style.css" />
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<?php
echo $Message;
?>
</body>
</html>
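Added example, not part of the original question or answer: the same registration and login check written with mysqli prepared statements and password_hash()/password_verify(), so no manual escaping is needed and the stored password is salted rather than a bare MD5. It assumes users.username has a UNIQUE index, users.password is VARCHAR(255), and the database password comes from a hypothetical FREDBIZ_DB_PASS environment variable; the function names add_user and check_login are also illustrative.

```php
<?php
// Added example; names and schema details below are assumptions, not from the page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false

function add_user(mysqli $con, string $user, string $pass): bool
{
    if ($user === '' || $pass === '') {
        return false;
    }
    // password_hash() salts and uses a slow algorithm; md5() does neither.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $con->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $user, $hash);
    try {
        $stmt->execute();
        return $stmt->affected_rows === 1;
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // ER_DUP_ENTRY: username already taken
            return false;
        }
        throw $e;
    } finally {
        $stmt->close();
    }
}

function check_login(mysqli $con, string $user, string $pass): bool
{
    $stmt = $con->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch(); // true when a row was fetched, null when none
    $stmt->close();
    // password_verify() reads the salt from the stored hash and compares safely.
    return $found === true && password_verify($pass, $hash);
}

// FREDBIZ_DB_PASS is a hypothetical environment variable holding the DB password.
$con = new mysqli('localhost', 'Fred', getenv('FREDBIZ_DB_PASS') ?: '', 'FredBiz');
$con->set_charset('utf8mb4');
$ok = add_user($con, $_POST['myusername'] ?? '', $_POST['mypassword'] ?? '');
// Escape on output: the username is user-supplied text going into HTML.
$name = htmlspecialchars($_POST['myusername'] ?? '', ENT_QUOTES, 'UTF-8');
echo $ok ? "$name, your account was created successfully" : 'User was not registered';
```

Existing rows that hold MD5 values will not pass password_verify(), so those accounts need a password reset after switching.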