Hi, I'm new to PHP and I'm creating my own CMS for practice, and have two problems that I'm not able to get the solution for. But let me show you my code before I ask my question.

The login page (index.php)

```php
<?php
require('includes/connection.php');

if(isset($_POST['submit'])){
    $username=$_POST['username'];
    $password= $_POST['password'];
    $query= mysql_query("SELECT * FROM users WHERE username='$username' ");
    $results= mysql_fetch_array($query);
    if($username==$results['username'] && $password==$results['password'] ){
        echo "Logged In Succesfully! Welcome" ;
        session_start();
        $_SESSION['user']="user";
        header("Location: admin.php");
    }elseif($username!==$results['username'] && $password!==$results['password']){
        echo "<h5 class=\"shifterror\">Username or the password is incorrect</h5>";
    }elseif($username==$results['username'] && $password!==$results['password']){
        echo "<h5 class=\"shifterror\">Password is incorrect</h5>";
    }
}
if(isset($_GET['m']) ){
    $id=$_GET['m'];
    if($id==1){
        echo "<h5 class=\"shifterror\">You have sucessfully logged out</h5>";
    }
}
?>
<body>
<div id="admin">
    <img src="images/logo.png" />
    <div id="loginarea">
        <form action="index.php" method="post">
            <p><label for="userlogin">Username</label></p><input type="text" name="username" id="userlogin" />
            <p><label for="userpassword">Password</label></p><input type="password" name="password" id="userpassword"/>
            <label for="rememberme">Remember Me</label><input type="radio" value="1" name="remember" />
            <input type="submit" name="submit" value="Login" class="button movebutton" />
        </form>
    </div>
</div>
</body>
</html>
```

Landing page from login (admin.php)

```php
<?php
if(isset($_POST['remember'])){
    setcookie("user", 100 , time()+(60*60*24));
}else{
    setcookie("user", 100 , time()-(60*60*24));
}
?>
<!--Header -->
<?php include('templates/header.php'); ?>
<!--Sidebar -->
<?php include('templates/sidebar.php'); ?>
<div id="content_wrapper">
    <div id="content">
        <h1>Welcome to your Dashboard</h1>
    </div>
</div>
</body>
</html>
```

Page for creating new pages (createpages.php)

```php
<?php require_once('../includes/functions.php'); ?>
<link rel="stylesheet" type="text/css" href="../css/style.css">
<?php
if(isset($_POST['submit'])){
    $title= $_POST['title'];
    $content= $_POST['content'];
    $query= mysql_query("INSERT INTO pages(pagename,content) VALUES('$title', '$content')");
    if(!$query){
        die("Could not add a new page".mysql_error() );
    }else {
        echo "<h5 class=\"littlemore\">Added sucessfully</h5>";
    }
}
?>
<div id="content_wrapper">
    <div id="content">
        <h1>Add New Pages</h1>
        <form action="createpages.php" method="post">
            <input type="text" placeholder="Enter Your Title Here" name="title" >
            <textarea cols="80" id="editor1" name="content" rows="10"></textarea>
            <p>
                <input type="submit" value="Add New" name="submit" class="button" >
            </p>
        </form>
    </div>
</div>
<!--sidebar2 -->
<?php include('../templates/sidebar2.php') ?>
</body>
</html>
```

So, Problem 1: As you can see, I have added one radio button "remember me" and the name is "remember". I want to set the cookies only when the user checks that radio button, or else unset the cookies. But it's not happening when I write conditions (like if(isset($_POST['remember']))). But the cookies get set when I don't write a condition. Can you tell what mistake am I making or what I should do?

Problem 2: I have created another form for creating new pages and I'm inserting title and content into the database, which gets inserted with no problem; however, if the user uses an inverted comma or ' or any other special character in the input, it shows an error:

```
Could not add a new pageYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's', ' ')' at line 1
```

For content I have chosen "text" and for title I have chosen VARCHAR type in the table. Am I doing something wrong? Thanks
Short answer: you need to wrap your inputs using mysql_real_escape_string().

Long answer... read about the alternatives also shown on that link above, browse through the examples and choose what's best for you.

Note! If you escape the string going into the database, you must do the same when calling the data out.
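The Problem 2 failure and one of the alternatives to escaping (a prepared statement), as an added example that is not part of the original thread or any poster's code. It assumes PDO with an in-memory SQLite database standing in for the poster's MySQL server; the function names `addPageInterpolated` and `addPagePrepared` and the sample input are constructed for illustration, while the `pages(pagename, content)` table comes from createpages.php.

```php
<?php
// Added example: constructed stand-in for the thread's `pages` table, using
// in-memory SQLite via PDO so it runs without a MySQL server (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, pagename VARCHAR(255), content TEXT)');

// Same query shape as createpages.php: user input is pasted into the SQL text,
// so a quote in the input ends the string literal early.
function addPageInterpolated(PDO $db, string $title, string $content): bool
{
    try {
        $db->exec("INSERT INTO pages(pagename,content) VALUES('$title', '$content')");
        return true;
    } catch (PDOException $e) {
        echo "interpolated insert failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Prepared statement: the SQL text is fixed and the values travel separately,
// so no character in the input can change the statement's structure.
function addPagePrepared(PDO $db, string $title, string $content): bool
{
    $stmt = $db->prepare('INSERT INTO pages(pagename, content) VALUES(:title, :content)');
    return $stmt->execute([':title' => $title, ':content' => $content]);
}

// Constructed sample input containing apostrophes, as in Problem 2.
$title   = "Today's news";
$content = "It's a page with 'quotes' in it.";

addPageInterpolated($db, $title, $content);
addPagePrepared($db, $title, $content);

foreach ($db->query('SELECT pagename, content FROM pages') as $row) {
    // HTML-encode only when rendering; the stored value stays as typed.
    echo htmlspecialchars($row['pagename'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The same bound-parameter approach applies to the `SELECT ... WHERE username='$username'` lookup in index.php, which interpolates user input in the same way.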
Seems this thread was written twice. You can find my long answer here. https://forums.digitalpoint.com/threads/a-beginners-question-in-php.2637782/