0

I've got this project on DBMS. My form is working if I enter the correct username and password.. but it shows only a blank page when i enter wrong details.. It's not executing the else part.. It if part is working fine.. Can anyone help me.. I'm new to PHP. 

<html>
<head>
   <title></title>
</head>
<body>  

 <?php
 include 'connection.php';
 SESSION_START();
 $user = $_POST['registeredEmail'];
 $pass = $_POST['registeredpassword'];
 $sql = "SELECT * FROM users WHERE email = '".$user."' and password = '".$pass."';";
$qry = mysql_query($sql) or die(mysql_error());
$result = mysql_fetch_array($qry) or die(mysql_error());
if($result) 
{
$_SESSION['UserName'] = $result['name'];
echo '<script type="text/javascript">'; 
echo 'alert("Sign In Successful");'; 
echo 'window.location.href = "sell.php";';
echo '</script>';



}
else
{
//  header('Location: index.php');
echo 'sign in unsuccessful';
echo '<script type="text/javascript">'; 
echo 'alert("Sign In UnSuccessful. Either Email or password or both are wrong.. please try again or Sign Up");'; 
echo 'window.location.href = "index.php";';
echo '</script>'; 
}
?>
</body>
</html>
Improve this question
2
  • Did you looked into your source code? Is your page really blank ? Commented Apr 3, 2015 at 13:02
  • 1
    Please, please, please read this stackoverflow.com/questions/60174/… before you do anything else. Commented Apr 3, 2015 at 13:04

4 Answers 4

Reset to default
1

Instead of if($result)

you can use if(mysql_num_rows($qry)>0)

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You would want it to be if(mysql_num_rows($qry) ==1) since its a login form, and you dont want more than 1 match
0

There are few problems in your code. Let's 1st focus on how to fix this. Replace your code with below.

$sql = "SELECT * FROM `users` WHERE `email` = '".$user."' and `password` = '".$pass."';";
$qry = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($qry) == 1) 
{

Your code is vulnerable to SQL injection.

How can I prevent SQL injection in PHP?

Don't store the password in plain-text. Use an encryption algorithm such as md5.

Best way to store password in database

Improve this answer

3 Comments

That, and it seems to store plaintext passwords. I hope this code never sees any real life application.
That's why I mentioned that code has issues at the beginning
I'm just using the code to rum via xampp on localhost.. will comply by your suggestions.. Thanks a ton to all you guys for helping ...
0 
<?php
 include 'connection.php';
 SESSION_START();
 $user = $_POST['registeredEmail'];
 $pass = $_POST['registeredpassword'];
 $sql = "SELECT * FROM `users` WHERE `email` = '".$user."' and `password` = '".$pass."';";
$qry = mysql_query($sql) or die(mysql_error());
$num=mysql_num_rows($qry);
if($num==1) 
{
$result = mysql_fetch_array($qry) or die(mysql_error());

$_SESSION['UserName'] = $result['name'];
echo '<script type="text/javascript">'; 
echo 'alert("Sign In Successful");'; 
echo 'window.location.href = "sell.php";';
echo '</script>';



}
else
{
//  header('Location: index.php');
echo 'sign in unsuccessful';
echo '<script type="text/javascript">'; 
echo 'alert("Sign In UnSuccessful. Either Email or password or both are wrong.. please try again or Sign Up");'; 
echo 'window.location.href = "index.php";';
echo '</script>'; 
}
?>

try this

Improve this answer

Comments

0

Basicly your if statement always conditions to true, so the else statement is never reached. If you check a different condition like vivek suggests, where you check if your query has exactly 1 match (since I suppose you will want a user to have only 1 account) the statement can also be false and thus it will skip to the else statement.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.