1

I made a login form, I had a lot of other problems with it and now I found out that the PHP code was being executed before the submit. HOW can the problem be solved? Since PHP does not support onclick events(which anyway sucks!), I don't see any solution that I know!

Code:

//Get the form with POST
$user = mysql_real_escape_string($_POST['user']);
$password = mysql_real_escape_string($_POST['pass']);



$usernames=mysql_query("SELECT * FROM user_info WHERE Username='" . $_POST['user'] . "' AND Password='" . $_POST['pass'] . "'");
if(!$usernames){echo mysql_error();}

$count=mysql_num_rows($usernames);
if(!$count){echo mysql_error();}

//If $count is equal to one, register the user and redirect him to his page, or else   echo him that his info is wrong
if($count === 1) {
$_SESSION['code'] = "titan";
$_SESSION['ande'] = $user;
$_SESSION['password'] = $password;
header("location: home.php");}
else {
echo "<p style='color:red;text-align:center;'>Wrong username or password!</p>";}
Improve this question
7
  • 3
    PHP does not allow functions? I've been doing it wrong all these years! Commented Sep 23, 2013 at 17:52
  • Since PHP does not allow functions - really? Commented Sep 23, 2013 at 17:52
  • PHP allows functions. Commented Sep 23, 2013 at 17:53
  • Also, sanitize your SQL Commented Sep 23, 2013 at 17:56
  • 2
    Guys, all the snark is unhelpful and only serves to make stack overflow look like it's hostile to beginners. It's self-evident from the code that this is someone's first "my form in php" code. You guys should be better than this. Commented Sep 23, 2013 at 18:09

3 Answers 3

Reset to default
5

Wrap the code that is supposed to be executed after the form submission in an IF statement that checks to see if the form is submitted:

if ('POST' === $_SERVER['REQUEST_METHOD'])
{
    // your code goes here
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

Check if form is submitted

if(isset($_POST['user'])) {

   //Your php code goes here

}

Based on your comment I extended this answer

Just place all code in this condition which you have sent in your question

if(isset($_POST['user']))
{

    //Get the form with POST
    $user = mysql_real_escape_string($_POST['user']);
    $password = mysql_real_escape_string($_POST['pass']);



    $usernames=mysql_query("SELECT * FROM user_info WHERE Username='" . $_POST['user'] . "' AND Password='" . $_POST['pass'] . "'");
    if(!$usernames){echo mysql_error();}

    $count=mysql_num_rows($usernames);
    if(!$count){echo mysql_error();}

    //If $count is equal to one, register the user and redirect him to his page, or else   echo him that his info is wrong
    if($count === 1) {
    $_SESSION['code'] = "titan";
    $_SESSION['ande'] = $user;
    $_SESSION['password'] = $password;
    header("location: home.php");}
    else {
    echo "<p style='color:red;text-align:center;'>Wrong username or password!</p>";}

}
Improve this answer

2 Comments

It didn't work! Maybe I'm doing it wrong: Should I place this code as a new one or should I replace the old condition with this one?
You will get idea, see login.php page script from this answer stackoverflow.com/a/18979508/2459296
0

What I DID NOT tell you was that the PHP code was in the same file with the form and the rest of HTML... I tried to remake the code in AJAX, (it didn't work =(, but it still helped!) and for that I moved the PHP code inside another file (Login_engine.php). And that was it! Sure, there still is a tiny problem: now, the red text is displayed inside Login_engine.php... That sucks!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.