Login page using mysqli_fetch_row

Asked

Viewed 42 times

0

I am creating a very simple login page where the user type his name and password, the system scans the database(mysql) and validates its entry, however, when I enter the values correctly the system returns null.

Follow the html code

<html> 
    <body> 
        <h3>UP Consultoria</h3> 
        <p>Faça seu login</p> 
        <form  method="post" action="teste.php"  id="searchform"> 
          <input  type="text" name="name"> 
          <input  type="text" name="password">
          <input  type="submit" name="submit" value="Entrar"> 
        </form> 
      </body> 
    </html> `

Segue o código php:

    <?php
      if(empty($_POST['name']) or empty($_POST['password'])){
        echo "Digite valores válidos";
      }else{
      $nome=$_POST['name'];
      $senha=$_POST['password'];
      $link = mysqli_connect('localhost', 'root', '','Upconsul') or die (mysql_error());
      if($resultado = mysqli_query($link,"SELECT nome FROM usuarios WHERE nome=$nome",MYSQLI_USE_RESULT)){
        while($row = mysqli_fetch_row($resultado)){
            printf ("%s/n" ,$row[0]);
        }
        mysqli_free_result($resultado);
        }
    mysqli_close($link);
    }     
?>

I’m sure it’s something very banal, if you can help me I’m grateful. I’m using phpmyadmin to simulate the server.

php mysql mysqli

1 answer

1


Use Prepared statements to avoid sql injections and do not store passwords as plain text.

When using pass the values directly in the query the string values(varchar and others of type text) need simple quotes.

mysqli_query($link,"SELECT nome FROM usuarios WHERE nome = '$nome'")

Recommended reading:

Select with Prepared statements Mysqli

Browser other questions tagged php mysql mysqli

You are not signed in. Login or sign up in order to post.