Using php to validate an html form

Hi all,

Right now I have a “log in” page that displays a simple form. This form has two text boxes for input (“user name” and “password”), as well as a “submit” button.

My desired functionality is that once the user enters their username and password into the appropriate fields and clicks “submit”, some php code will connect to my mysql database (which has a table full of user names and passwords), to validate the user input. If the information the user entered is found in the database, they would be re-directed to another page. If not, they would be stuck at this “log in” page.

I’m sure this is a silly, or common question, but does anybody know how I might be able to do this?

Thanks very much,
Phil

Validate / check form fields
http://php.net/manual/en/tutorial.forms.php

Redirect
http://php.net/manual/en/function.header.php

I’ve actually seen these, and tried implementing them both. My php code evaluates the user input correctly (I know this because of an error that shows when the user enters incorrect data, and another message that shows when the data is correct). My issue is that the “header” is not navigating to the page at all, and instead just re-freshes the page.

Post your code And the topic is marked as solved, while it seems like it’s not…

Yeah - sorry about that - haha. Accidental click on my laptop pad.

Here is my code:

      <form method="post" id="loginform" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
                <div>
                    <div>
                      <label><strong>User ID</strong></label>
                      <input type="text" name="userid" id="userid"/>
                    </div>
                </div>
                <br>
                <div>
                    <div>
                      <label><strong>Password</strong></label>
                      <input type="text" name="password" id="password"/>
                    </div>
                </div>
                <br><br>
                <input type="submit" value="Log In">
            </form>  
            
            
<?php

    $uid = $_POST["userid"];
    $pword = $_POST["password"];

    // Create connection
    $con=mysqli_connect("[DBLocation]","[loginName]","[loginPassword]","[DBName]");

    // Check connection
    if ( mysqli_connect_errno() )
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
  
    $result = mysqli_query($con, "SELECT * FROM [TABLE] WHERE username = '" . $uid . "'");
  
    $arr_check = mysqli_fetch_array($result);
  
    if(empty($arr_check))
    {
        // if the id and password are not found, show an error:
        echo "sorry.  name not found.  ";
    }
    else
    {
        // if the id and password ARE found, redirect to the next page:
        header( "Location: nextpage.html");
    }   
  
    mysqli_close($con);  
?>

You need to look into parameterized queries, atm your code open up your database to whoever wants to read your passwords…

Do you get into the else-block? If you’re not sure then try to echo/dump out some data there and see if it’s posted. The header-redirect works fine here, so not sure why you’re having trouble.

Yes - I do get to the else block. I know this because in another version, I had an “echo” there, and it was outputting the desired text.

Thank you for the help. I actually got it to work by putting a little script in there, since I couldn’t use “header” due to the fact that my php was embedded in my HTML code, and had some output before the redirect. I could post the code if you’d like.

It’s always nice when people show how they solved their issues.

Generally it’s considered good practice to separate logic and view. So you should try to do your php stuff before parsing output

if(isset($_GET[‘submit’])){

$Fname = htmlentities($_GET[‘Fname’]));
$Lname = htmlentities($_GET[‘Lname’]));

if(strlen($Fname)>4 & strlen($Lname)>4){
///check if the is in database
$check = mysqli_query("SELECT * FROM USER_TABLE WHERE = Fname = ‘$Fname’ ")
or die(“chk fail”);
if(mysql_num_rows()>0){

/// run query
}else{
echo “username was not found!”;
}

}else{
echo “pls enter a valid name”;
}

}

Since my PHP code was embedded in the middle of my html code, I actually had to put a little javascript in there to solve the issue. So in my if/else block, if the username/password was invalid, the else block does the following:

printf(“”);

Thanks everyone for your help and input! Much appreciated!

-Phil