1

I have a database from MariaDB and I'm unsure about how to connect it with my php file. Is there some special thing I need to do with MariaDB to get its host value? Also is what I have for my query relating to the table and data from my database correct? My table from my database is called Users and it contains LoginID and password. Right now whenever I click the submit button it just shows my PHP file.

This is my relavent HTML:

<body>

<div class="mainbox">
    <h3 align="center">Log In</h3>
    <form role="form" class="form-horizontal" method="POST" action="login.php">
    <div class="form-group">
        <label for="Username">Username:</label>
        <input type="text" class="form-control" name="username" size="40" placeholder="Enter Username">
    </div>
    <div class="form-group">
        <label for="pwd">Password:</label>
        <input type="password" class="form-control" name="pass" size="40" placeholder="Enter Password">
    </div>
        <button id="Submit" type="submit" name="submit" class="btn btn-default">Submit</button>
    </form>
</div>

</body>

This is my php file login:

DB_Host is what confuses me since it is how I'm supposed to connect to MariaDB.

<?php 
define('DB_HOST', 'localhost');
define('UName', 'hudvs');
define('Pass', 'tnUJ6zbpmy')
define('DB_Name', 'db') 

$connect = mysqli_connect(DB_HOST, UName, Pass, DB_Name) or die("Failed to connect to MySQL: " . mysqli_error()); 

function LogIn() 
{ 
    session_start(); 
    if(!empty($_POST['username']))  
    { 
        $query = mysqli_query("SELECT * FROM Users where LoginID = '$_POST[username]' AND password = '$_POST[pass]'") or die(mysqli_error()); 
        $row = mysqli_fetch_array($query) or die(mysqli_error()); 
        if(!empty($row['LoginID']) AND !empty($row['password'])) 
        { 
            $_SESSION['LoginID'] = $row['password']; 
            echo "Successful login to user profile page!"; 
        } 
        else 
        { 
            echo "You've entered a wrong Username or a wrong password. Please retry"; 
        } 
    } 
}       
if(isset($_POST['submit'])) 
{ 
    LogIn(); 
} 
?>
ParPro
  • 197
  • 1
  • 6
  • 16
  • Sorry, what's your question? Are you getting any errors? – waterloomatt Jul 12 '18 at 20:11
  • Using `mysqli_connect` ... then `mysql_query` ... that wont work. My only guess, since the question really isn't clear. – IncredibleHat Jul 12 '18 at 20:11
  • Did you define constants `database_host`, `user_name`, ... ? Otherwise you might have forgotten `$` characters to make them a variable. In doubt show the declaration of those variables/constants. – Pinke Helga Jul 12 '18 at 20:12
  • I guess to really sum up what I'm really asking is how to I get my database to my php file – ParPro Jul 12 '18 at 20:15
  • So, the database connection is established correctly and you just ask how to output the results into the server reply? What is the actual output of your php page? – Pinke Helga Jul 12 '18 at 20:18
  • Possible duplicate of [Can I mix MySQL APIs in PHP?](https://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php) – Mike Jul 12 '18 at 20:20
  • No the connection isn't established correctly yet but yes I am also asking if what I have for outputting the results into the server are correct – ParPro Jul 12 '18 at 20:21
  • Well, see my comment above. Also check what is the output of `echo database_host;`. If it is "database_host", then it is not defined as a constant. You should see warnings and error messages in the log file. – Pinke Helga Jul 12 '18 at 20:22
  • Ok now I added what my username, password, and databasename are – ParPro Jul 12 '18 at 20:33
  • How do you make a simple login? My best advice is, you don't. Don't reinvent the wheel, but instead pick up a framework that will handle this for you and that way you can be sure you're not making any mistakes, like using an old an deprecated/removed mysql connection API, not parameterizing your queries, not correctly hashing passwords, not dealing with CSRF attacks. I know that in Laravel you can get a simple login set up with a single command. – Mike Jul 12 '18 at 20:33
  • 1
    You were mixing `mysql_*` functions with `mysqli_*`, and then you edited your question and removed `mysqli` and now you're back to mixing them again. You can't mix APIs and expect things to magically work! Don't use `mysql_*` functions anymore. They were deprecated and are now removed since PHP 7.0. Instead use PDO or mysqli. – Mike Jul 12 '18 at 20:37
  • 1
    Also, `$_POST[username]` is not the same as `$_POST['username']`. You should start by [turning on error reporting](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) because what you have there should be throwing errors/warnings at you. – Mike Jul 12 '18 at 20:39
  • @Mike I recommend mysqli for beginners. PDO is more flexible, however, error-prone as well. We should encourage people to learn prepared statements. It is not easy to properly configure PDO and validate if it does not fallback to emulated prepared statements by interpolating SQL strings. – Pinke Helga Jul 12 '18 at 20:44
  • @ParPro Your edit looks well. Try Mike's hints first: use `mysqli_query` and `mysqli_fetch_array` instead of the mysql versions. – Pinke Helga Jul 12 '18 at 20:51
  • Thanks y'all all these tips really helped, the only thing left that I'm pretty sure is the reason It isn't working yet is getting the IP address of MariaDB where my database is stored – ParPro Jul 12 '18 at 20:56
  • 1
    @Mike `"$_POST[username]"` and `$_POST['username']` actually is the same. The presented code is correct at this point. When interpolating, the array index does not have extra quotes. – Pinke Helga Jul 12 '18 at 20:57
  • @Quasimodo'sclone I actually have to disagree with you about mysqli being easier. Take a look at [this comparison](https://phpdelusions.net/pdo/mysqli_comparison). Also, turning off emulation is as simple as adding a single line in the constructor. – Mike Jul 12 '18 at 21:23
  • @Quasimodo'sclone And I stand corrected about `"$_POST[username]"`. I didn't realize it had different behavior when used in a string like that. I always use `"{$_POST['username']}"`. – Mike Jul 12 '18 at 21:45
  • Sometimes [PHP is strange](https://3v4l.org/RlYHr) to me. – Mike Jul 12 '18 at 21:50
  • @Mike The brace-enclosed interpolation is the much better form. Go on using it even in simple expressions like `"{$name}"` when no special circumstances prevent you from doing so. – Pinke Helga Jul 18 '18 at 08:43

0 Answers0