0

I am trying to make a simple php and sql login form, but it is not working

Can anyone help me to fix my code?

<form  method="post" action="form.php">
    Username <input type="text" name="username"><br>
    Password <input type="password" name="password">
    <br>
    <input type="submit" name="submit" value="submit">
</form>


<?php
if (isset($_POST['submit'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];
    $con = mysql_connect("localhost", "root", "");
    mysql_select_db($con, "formcolumn");
    $sql = mysql_query("select * from data1_table where username='$username' and password='$password' ");
    $row = mysql_fetch_array($sql);
    $uname = $row['username'];
    $pass = $row['password'];
    if ($username == $uname && $password == $pass) {
        header("Location: main.php");
    } else {
        echo "invalid username and password ";
    }
}
?>
Mr Lister
  • 45,515
  • 15
  • 108
  • 150
Mohit gupta
  • 15
  • 2
  • 1
    what error are you getting ? – Sunil Verma Dec 27 '13 at 13:02
  • Your script is vulnerable to SQL injections. You should learn [how to prevent them](http://stackoverflow.com/q/60174/53114). – Gumbo Dec 27 '13 at 13:03
  • 3
    "*it is not not working*" is not an acceptable error description. –  Dec 27 '13 at 13:03
  • where do you get error and what error do you get please explain – semirturgay Dec 27 '13 at 13:03
  • Once you've fixed the problem please consider that there's no point in checking username and password equal the values that you used to select the row. – Popnoodles Dec 27 '13 at 13:03
  • what error are you getting? – Nilesh Dec 27 '13 at 13:05
  • Warning: mysql_select_db() expects parameter 1 to be string, resource given in C:\xampp\htdocs\php\zz\m\form.php on line 17 Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\php\zz\m\form.php on line 19 invalid username and password – Mohit gupta Dec 27 '13 at 13:08
  • Please show the generated SQL `select * from data1_table...` – Popnoodles Dec 27 '13 at 13:14

2 Answers2

1

Replace mysql_select_db($con, "formcolumn"); with mysql_select_db("formcolumn",$con); where formcolumn is your Database name

Popnoodles
  • 28,090
  • 2
  • 45
  • 53
Mahavir Nahata
  • 86
  • 3
  • thanks bro still getting 1 warning Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\php\zz\m\form.php on line 19 – Mohit gupta Dec 27 '13 at 13:13
0

Interchange the positions of your parameters in your mysql_select_db function bass the name of your database first then pass the connection. You must remember this is a predefined function and it is defined to accept parameters in a certain order therefore it expects that the first parameter passed to the function is going to be the database name.

You should have 

mysql_select_db("formcolumn",$con);

also why not try something along the lines of this:

$sql = "select * from data1_table where username='$username' and password='$password'";
$result = mysql_query($sql,$con);
$row= mysql_fetch_assoc($result);
Orville Patterson
  • 524
  • 4
  • 20