DEVHIDE
Login Or Sign up

HTML form not passing values to PHP (mysqli_real_escape_string)

1.1k Views Asked by At

HTML

<form type="POST" action="includes/login.php">
    <input type="email" name="email" placeholder="email" />
    <input type="password" name="password" placeholder="parola" />
    <input type="submit" value="Login">
</form>

PHP

<?php
require_once 'config.php';

if(isset($_POST['email'])) 
    {
       $email = mysqli_real_escape_string($_POST['email']);
    } 
else 
    {
        echo "Nu ati completat adresa de e-mail. <br />";
    }

if(isset($_POST['password'])) 
    {
       $email = mysqli_real_escape_string($_POST['password']);
    } 
else 
    {
        echo "Nu ati completat parola. <br />";
    }

if(isset($_POST['email']) && ($_POST['password']))
{ 
    $query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
    $result = mysqli_query($link, $query);
    $row = mysqli_fetch_array($result);
    $count_rows = mysqli_num_rows($result);

    if ($count_rows == 1)
    {
            $_SESSION["login"] = "OK";
            header("Location: ../index.php");
    }

    else
    {
        header("Location: ../login.php");

    }
}
?>

I tried switching from MySQL to MySQLi and I'm sure it's related to this. My form is not passing values to the PHP script even if the inputs have a name. Did some research here on StackOverflow and found many questions about forms not passing data but there was usually a typo or a missing name, which is not my case (I think).

(I know that the password is not secured yet, I'll add a SHA256 or something there soon so don't stress about it)

Tried echoing the query and it's just blank where the password and email address should be.

SELECT * FROM `users` WHERE password = '' AND email = ''

I also get this warning:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\breloc\includes\login.php on line 4

Line 4 in my script is: 

$email = mysqli_real_escape_string($_POST['password']);
php html mysql mysqli xampp
Original Q&A
7

There are 7 best solutions below

0
On BEST ANSWER
  1. Change form type="post" to method="post"
  2. Add database connection string to your mysqli_real_escape_string function.
2
On 
string mysqli_real_escape_string ( mysqli $link , string $escapestr )

As from Docs, the first parameter must be mysqli resource and its missing within your code, and also change 

<form type="POST">

into

<form method="post">

So your code looks like

mysqli_real_escape_string($link,$_POST['email']);// and been repeated at all those occurences
0
On

According to the Documentation http://php.net/manual/de/mysqli.real-escape-string.php you must provide the mysqli ressource as first parameter of the function.

0
On

make change to Your form tag 

 <form type="POST">

to 

 <form method="POST">
0
On

You should use method instead of type in your <form> tag, like this:

<form method="POST" action="includes/login.php">
0
On 
<form method="POST" action="includes/login.php">
    <input type="email" name="email" placeholder="email" />
    <input type="password" name="password" placeholder="parola" />
    <input type="submit" value="Login" name="submit">
</form>

<?php
require_once 'config.php';

if(isset($_POST['submit'])) {
    if(!empty($_POST[email]))
    {
       $email = mysqli_real_escape_string($link,$_POST['email']);
    } 
else 
    {
        echo "Nu ati completat adresa de e-mail. <br />";
    }

if(!empty($_POST['password'])) 
    {
       $password = mysqli_real_escape_string($link,$_POST['password']);
    } 
else 
    {
        echo "Nu ati completat parola. <br />";
    }

if(!empty($_POST['email']) && !empty($_POST['password']))
{ 
    $query = ("SELECT * FROM `users` WHERE password = '".$password."' AND email = '".$email."'");
    $result = mysqli_query($link, $query);
    $row = mysqli_fetch_array($result);
    $count_rows = mysqli_num_rows($result);

    if ($count_rows == 1)
    {
            $_SESSION['login'] = "OK";
            header("Location: ../index.php");
    }

    else
    {
        header("Location: ../login.php");

    }
}}
?>
0
On

set 'method' not type

<form method="POST" action="includes/login.php">
    <input type="email" name="email" placeholder="email" />
    <input type="password" name="password" placeholder="parola" />
    <input type="submit" value="Login">
</form>

don't forget to connect to your db and pass the that connection to your mysqli_query and mysqli_real_escape_string functions

<?php
require_once 'config.php';

$con=mysqli_connect("localhost","my_user","my_password","my_db");

if(isset($_POST['email'])) 
    {
       $email = mysqli_real_escape_string($con, $_POST['email']);
    } 
else 
    {
        echo "Nu ati completat adresa de e-mail. <br />";
    }

if(isset($_POST['password'])) 
    {
       $email = mysqli_real_escape_string($con,$_POST['password']);
    } 
else 
    {
        echo "Nu ati completat parola. <br />";
    }

if(isset($_POST['email']) && ($_POST['password']))
{ 
    $query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
    $result = mysqli_query($con, $query);
    $row = mysqli_fetch_array($result);
    $count_rows = mysqli_num_rows($result);

    if ($count_rows == 1)
    {
            $_SESSION["login"] = "OK";
            header("Location: ../index.php");
    }

    else
    {
        header("Location: ../login.php");

    }
}
?>

Related Questions in PHP

Related Questions in HTML

Related Questions in MYSQL

Related Questions in MYSQLI

Related Questions in XAMPP

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.