If in PHP it is isset($_POST['email'] then in HTML it should be <input type="text" name="email" placeholder="email"> which is the most suggestive.
Now nothing prevents HTML from being <input type="text" name="usuario" placeholder="Usuário"> but in PHP it should be isset($_POST['usuario']
The only error in your code is this. See your working code functional example Existing login [email protected] password ABCD returns 1 to any other return 0
<?php
$conn = mysqli_connect("localhost","USUARIO","SENHA",Nome_DB");
if (isset($_POST['email']) && isset($_POST['senha'])) {
$email = $_POST['email'];
$senha = $_POST['senha'];
$get = mysqli_query($conn, "SELECT * FROM usuarios WHERE email = '$email' AND senha = '$senha'");
$num = mysqli_num_rows($get);
echo $num;
}
?>
<!DOCTYPE html>
<html lang="pt" dir="ltr">
<head>
<meta charset="utf-8">
<title>Painel Admin Login</title>
</head>
<body>
<form action="" method="post">
<input type="text" name="email" placeholder="email"><br>
<input type="password" name="senha" placeholder="Senha"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
As you can see, you did not just want to know what the error was in your question, which had been given in my already deleted comment. I'll post a complete and secure response so that you have a good learning experience.
1 - Be careful when constructing your SELECT statement, because the more data that is read from the tables, the longer it will take to execute. Especially when the database server is separate from the application server, because the data will have to pass through the network between the two.
Make it a habit to always specify the columns you'll need when assembling your SELECT.
2 - <input type="email"> validates the field to ensure the typed data is actually a valid email address.
3 - required is a Boolean attribute used to indicate that a determining form field is required to send it. When you add this attribute to a form field, the browser forces the user to enter data in that field before submitting the form.
4 - Avoid SQL Injection using Prepared Statements in PHP.
One of the biggest vulnerabilities of websites, SQL injection is also, in the case of PHP, one of the easiest to prevent. Unfortunately, many do not take the necessary precautions and end up having their data compromised.
In the example I'm going to use prepared statements using PHP PDO extension
In PHP, the MySQLi extension also supports prepared statements, but it is better to use the PDO as it facilitates migration to other banks, as well as offering a concise API between them.
Functional sample
<?php
$servername = "localhost";
$username = "USUARIO";
$password = "SENHA";
$dbname = "Nome_DB";
if(isset($_POST['submit'])){
if ( (isset($_POST['email']) && !empty($_POST['email'])) && (isset($_POST['senha']) && !empty($_POST['senha'])) ) {
$email = $_POST['email'];
$senha = $_POST['senha'];
try{
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// define o modo de erro do PDO para exceção
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT email, senha FROM usuarios WHERE email= :email and senha = :senha");
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':senha', $senha, PDO::PARAM_STR);
$stmt->execute();
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
$count = count($users);
echo $count;
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
}else{
echo "Os dois campos são obrigatorios";
}
}
?>
<!DOCTYPE html>
<html lang="pt" dir="ltr">
<head>
<meta charset="utf-8">
<title>Painel Admin Login</title>
</head>
<body>
<form action="" method="post">
<input type="email" name="email" placeholder="email" required><br>
<input type="password" name="senha" placeholder="Senha" required><br>
<input type="submit" value="Login" name="submit">
</form>
</body>
</html>
5 - Why client side (front-end) and server-side (back-end) validation
Validating data being sent by the user only in javascript is not enough because of:
-
If the user disables javascript, you may end up with invalid data on the server
-
Because the front end is accessible in the browser. And all the code that is there, can end up being changed by someone who has advanced knowledge and bad intentions. The JavaScript code can be perfectly changed and thus validation can be circumvented.
-
Server validations make a site less susceptible to malicious robots
In summary ... it's worth cautioning against all these unknown agents, doing the validation on the server (which is the most trusted agent) as being the main ... and in javascript, as a validator, by you do not need to go to the server.
6 - - The try / catch block is used to handle exceptions, handling of codes that may not be fully met and generate some exception / error.
The try is able to recover errors that may occur in the code provided in your block.
The catch in turn treats the errors that have occurred.
Should be used preferably when the developer can not guarantee that the code will run successfully.
