Jump to content

Help with $_POST function

morrisjohnny

By morrisjohnny
in PHP

 Share

Recommended Posts

morrisjohnny Member

morrisjohnny

Posted
Posted

Hello, i've just started learning php and i'm a bit of problems. I can echo the $_POST name that is entered but i was wondering is it safe to use this or would it be safer to learn sessions?Also using the $_POST function i was wondering would it be possible to run around a "row" and match the username (from post) to the usernames e-mail address so i could echo their email address?i'd be very greatful if anyone could help. Thanks-Jny

Link to comment
Share on other sites
thibo1025 Member

thibo1025

Posted
Posted

humm... I propose We see your attempt of script first because what you are asking is rather complicated...But I can help you a bit for few reasons:$_POST['name'] is an arraw and not a function. it contains the value of the input called name in a form.what do you mean by "in a row"? you mean if you have an arraw that contains differant values you could compare the values in the arraw?That is possible with a foreach method.Read the php tutorial of W3schools

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted
humm... I propose We see your attempt of script first because what you are asking is rather complicated...But I can help you a bit for few reasons:$_POST['name'] is an arraw and not a function. it contains the value of the input called name in a form.what do you mean by "in a row"? you mean if you have an arraw that contains differant values you could compare the values in the arraw?That is possible with a foreach method.Read the php tutorial of W3schools
First hello and thanks for your reply.This is in my index page
<html> <header> <title>index Page</title> </header><body><form action="Members/index.php" method="post"><table align='center'> <tr>  <td>Username:</td><td><input type="text" name="Username" /></td> </tr><tr>  <td>Password:</td><td><input type="password" name="Password" /></td> </tr><tr>  <td colspan'2'><input type="submit" /></td> </tr><tr>  <td colspan='2'><a href='Reg.php'>Register</a></td> </tr></table></form></body></html>

This is in the members section

<html><header><title>Member Section</title></header><body><br /><br /><br /><table align="center" border="1" width="75%"> <tr>  <td width="75%">Boo</td><td width="25%">Welcome [b]<?php echo $_POST["Username"]?>[/b]</td> </tr></table></body></html>

i have non shown my register code as it it fully working and isn't the problemokay now you have seen my code i have Bold the text i wish to try and change. i dn't want to use $_POST["Username"] i want to read the user name who is logged in from the database.By "row" i meanUsername|password|AgeSo i could read the members username and their age and not a random age. i hope i have explained enought.I dn't want to use $_POST i want to extract their username from the table database.Also i was wondering how could i check a users Username & Password so if it is incorrect it takes them back to the index page. else if it is corect take it to another page.

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

You want to use sessions. Once they log in and you check in the database that they are logged in, store their username, email address, etc in the session. You can use the session on every page, but you can only use $_POST on the page after a form was submitted.

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted

Thanks, i ahve had a look on the sessons page on w3schools, but dn't full understand it how would i detect if they are logged in? i'm gathering i wud need to include the session in every page. then then direct them back to the index page if they wasn'tHow would i go about checking their username and password in the database and then storing if they are in a session, and then extracting if they are logged in from a session onto a page?Am i thinking like this correctly in the terms of use of a session or not?

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted

Firstly thanks justsomeguyI have played around with the a bit more than before. i have tried to split the code into three parts.Part one inclu/top.php

<?phpsession_start();$logged_in = false;$msg = "";if ($_SESSION['online'])  $logged_in = true;else if (isset($_POST['username'])){  $db=mysql_connect("localhost", "root", "");  mysql_select_db("jny", $db);  $username = htmlentities($_POST['username']);  $password = htmlentities($_POST['password']);  $username = mysql_real_escape_string($username);  $password = mysql_real_escape_string($password);  $query = mysql_query("SELECT username, password FROM Users WHERE username = '$username' AND password = '$password'");  if(mysql_num_rows($query) == 1)  {    $_SESSION['online'] = true;    $_SESSION['username'] = $username;    $logged_in = true;  }  else    $msg .= "The username and password did not match.<br /><br />";  mysql_free_result($query);  mysql_close($db);}/*at this point you can do a header redirect if necessary because you have not sent any outputheader("Location: login.php");exit();*/?><html>  <head>      </head>  <body>    <?php echo $msg; ?><?php if ($logged_in) { ?>

Part Two The Current Page

 <?php [i]include[/i]("inclu/top.php"); ?>[b]Welcome <?php echo $_SESSION['username']; ?>    <br /><br /><br />    <a href="1.php">Add news <b>with</b> image</a><br /><br />    <a href="other.php">Add news <b>without</b> image</a>[/b]<?php [i]include[/i]("inclu/bottom.php"); ?>

I have replaced the function include with the function require i still get an error of 

Parse error: parse error, unexpected $end in C:\My Software\xampp\htdocs\test\new\inclu\top.php on line 53

which appears to be this line of code 

<?php if ($logged_in) { ?>

meaning i broke the code in the wrong place?The reason i want to put them into three parts is so i could change ever page without having to scroll down like 53 lines of code. I would be very greatful if someone could help me.Part Three inclu/bottom.php

    <h1>Login</h1>    <form action="" method="post">    <p>Username<br /><input type="text" name="username" /></p>    <p>Password<br /><input type="password" name="password" /></p>    <p> <br /><input type="submit" name="submit" value="Login" /></p>    </form><?php } ?>  </body></html>

EDIT* BTW if all the 'parts' are one file it works fine I'm presuming that it is the way i have split it up.*

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted
wait let me rewind a bit.... you talked about a database... am I right?If so You should use the functions to get the data out of your database...tell me more bout that... what type of database do you use?
thanksYes i am ALSO having problems with databases.I'm not sure what the functions r to get the data out of my database. I 'm having problems with extracting someones information exampleif theirs 5 different users in my database I'm not sure how to extract the person who is logged in how to extract THEIR email and show it and not a random one I'm gathering it's something to do with the where function?thanks for the reply and i hope u can help-jny
Link to comment
Share on other sites
thibo1025 Member

thibo1025

Posted
Posted

to get data out of a database:

<?php$con = mysql_connect("[b]host[/b]","[b]user[/b]","[b]pass[/b]");if (!$con){  die('Could not connect: ' . mysql_error());  }mysql_select_db("[b]database[/b]", $con);$result = mysql_query("SELECT [b]col name[/b] FROM [b]table[/b]"); while($row = mysql_fetch_array($result)){//$row['[b]col name[/b]'] is your value.}mysql_close($con);?>

In Your Case:for the registration

$db=mysql_connect("localhost", "root", "");mysql_select_db("jny", $db);$username = mysql_real_escape_string(htmlentities($_POST['username']));$password = mysql_real_escape_string(htmlentities($_POST['password']));$query = mysql_query("SELECT username, password FROM Users WHERE username = '$username' AND password = '$password'");if(mysql_num_rows($query) == 1) {  $_SESSION['online'] = true;  $_SESSION['username'] = $username;  $logged_in = true;  }else{  $msg .= "The username and password did not match.<br /><br />";}  mysql_free_result($query);   mysql_close($db);

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted

Thanks thibo1025 I havn't treid it but i have made a note of it for later use when i plan to fully customise my php scripts.Anybody have any idea on why the code justsomeguy gave me isn't working once i split it up? (i can put all the pieces back together so it works again.) {I have checked over and they are all split at the right places.}

Link to comment
Share on other sites
thibo1025 Member

thibo1025

Posted
Posted

actually, I am not sure that yoo can finish a conditional with an include... Maybe you can try to put it back in one file and see if it works out alone

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted
actually, I am not sure that yoo can finish a conditional with an include... Maybe you can try to put it back in one file and see if it works out alone
Okay i have just woke up and have placed them back into the same file. They work. Maybe you where right, i have replaced the include with require it still doesn't work :'( is their an easier way where i can create pages then without having to have so much code on one bit of page?
Link to comment
Share on other sites
thibo1025 Member

thibo1025

Posted
Posted

sure let me show you:

<?phpsession_start();$logged_in = false;$msg = "";if ($_SESSION['online']){  $logged_in = true;}elseif (isset($_POST['username'])){$db=mysql_connect("localhost", "root", "");mysql_select_db("jny", $db);$username = mysql_real_escape_string(htmlentities($_POST['username']));$password = mysql_real_escape_string(htmlentities($_POST['password']));$query = mysql_query("SELECT username, password FROM Users WHERE username = '$username' AND password = '$password'");if(mysql_num_rows($query) == 1) {$_SESSION['online'] = true;$_SESSION['username'] = $username;$logged_in = true; }else{$msg .= "The username and password did not match.<br /><br />";}mysql_free_result($query); mysql_close($db);echo "<html>\n"; echo "<head>\n";/* Dont U want a title to your page */echo "</head>\n";echo "<body>\n";echo $msg;if ($logged_in) { include('[b]current page[/b]'); //Without the includes!!echo "<h1>Login</h1>\n<form action='' method='post'>\n<p>Username<br /><input type='text' name='username' /></p>\n<p>Password<br /><input type='password' name='password' /></p>\n<p>\n<br /><input type='submit' name='submit' value='Login' /></p>\</form>";}echo "</body></html>";?>

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted
sure let me show you:
<?phpsession_start();$logged_in = false;.....

Thanks for your reply once again, while i though using this code would be a realli good idea it seems i no not enoguht to use this code. instead i have taken the code u have helped me with (with the log in part) and changed it a bit to below.
<?php$db=mysql_connect("localhost", "root", "");mysql_select_db("jny", $db);$username = ($_POST['Username']);$password = ($_POST['Password']);$query = mysql_query("SELECT username, password FROM Users WHERE username = '$username' AND password = '$password'");if(mysql_num_rows($query) == 1) {echo "Correct Username & Password";}else{echo "Wrong Username Or password";}mysql_free_result($query);mysql_close($db);?>

using this i can detect if the user has entered the correct username & password combanationI will then create a cookie if they username and cookie has been entered correctly storing their username in the cookie. And will then be able to revert back to the cookie to see if the user is logged in. If the user doesn't have a cookie then it has expired and will then be reverted back to the log in page.Do you think this is a good way to do wht i am trying to do? or can a cookie easier be modified?

Link to comment
Share on other sites
reportingsjr Dedicated Member

reportingsjr

Posted
Posted

You cant split up codes at random points, because each chunk is still a file. It will get parsed (executed) before you include it, then it will include the html. So the errors it is seeing, from at the top is that you haven't closed an if statement. Also, I say you have the beginning of an if like this:if(blah) //do thisBut the elseif had curly braces. This is not allowed as that counts as two different if statements (I'm pretty sure, I always use curly braces). Why do you not want much code on one page? I have a php crawler that im working on that is at least 200-300 lines long. Its not that confusing. Infact, I find it much easier to have all of the required script in one file than in many different ones that way I don't have to navigate through a maze of files to find what script I need to edit, in case there is a bug in it.There is absolutely no point to having a logged in variable if you are setting $_SESSION['online']. You can check if that one is false or true (automatically false, unless you change it. If you put a string in there it will still change to true).Hope this helps!

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

You were getting errors with the code because you ended one PHP file after an opening IF statement without ending the IF statement. Control statements do not go across include files, they need to all be in one file. If you want to split it up, this would be a standalone authentication file:

<?phpsession_start();$logged_in = false;$msg = "";if ($_SESSION['online'])  $logged_in = true;else if (isset($_POST['username'])){  $db=mysql_connect("localhost", "root", "");  mysql_select_db("jny", $db);  $username = htmlentities($_POST['username']);  $password = htmlentities($_POST['password']);  $username = mysql_real_escape_string($username);  $password = mysql_real_escape_string($password);  $query = mysql_query("SELECT username, password FROM Users WHERE username = '$username' AND password = '$password'");  if(mysql_num_rows($query) == 1)  {	$_SESSION['online'] = true;	$_SESSION['username'] = $username;	$logged_in = true;  }  else	$msg .= "The username and password did not match.<br /><br />";  mysql_free_result($query);  mysql_close($db);}/*at this point you can do a header redirect if necessary because you have not sent any outputheader("Location: login.php");exit();*/?>

You can include it in another file to make sure the user is logged in when they try to access the file. This would be an example:

<?phpinclude ("logincheck.php");?><html>  <head>	...  </head>  <body>	<?php echo $msg; ?><?php if ($logged_in) { ?>	Welcome <?php echo $_SESSION['username']; ?>	<br /><br /><br />	<a href="1.php">Add news <b>with</b> image</a><br /><br />	<a href="other.php">Add news <b>without</b> image</a><?php } else { ?>	<h1>Login</h1>	<form action="" method="post">	<p>Username<br /><input type="text" name="username" /></p>	<p>Password<br /><input type="password" name="password" /></p>	<p> <br /><input type="submit" name="submit" value="Login" /></p>	</form><?php } ?>  </body></html>

Link to comment
Share on other sites
morrisjohnny Member

morrisjohnny

Posted
  • Author
Posted

The main reason i want the code to be as short as possible is because i like a clean text document and like to be able to start from 'scratch' and know excatly wht is going into my document.I'm not sure wht is going on with all of this code. How safe is it?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...