Error trying to log in PHP

Navigation
3

I created a basic login with php for the site I'm developing, but when trying to log in, the following error occurs: "invalid user or password" , this error is in the code, but I do not understand why it happens, since I already checked the bank's data, such as user, password and bank name, they are all correct.

My code looks like this:

login.php 

     <?php 
        $cnpj    = $_POST['cnpj'];
        $senha   = $_POST['senha'];
        $conexao = mysqli_connect('localhost','root','');
        $db      = mysqli_select_db($conexao, 'treinamentos') or print(mysqli_error());
        $sql     = "SELECT * FROM usuario WHERE cnpj = '$cnpj' AND senha = '$senha'";
        $resultado = mysqli_query($conexao, $sql);
        if (mysqli_num_rows($resultado) == 0) {
           echo "Usuário ou senha não conferem" ;
           echo '<br><br><a href="../index.html">Voltar</a>';
           session_destroy();
        }else {
           header("Location:index.html");
        }
     ?>

html form 

<form method="POST" action="php/login.php">
    <div class="row form-group">
        <div class="col-md-12">
            <label for="username">CNPJ</label>
            <input type="text" class="form-control" id="cnpj" name="cnpj">
        </div>
    </div>
    <div class="row form-group">
        <div class="col-md-12">
            <label for="password">Senha</label>
            <input type="password" class="form-control" id="senha" name="senha">
        </div>
    </div>
    <div class="row form-group">
        <div class="col-md-12">
            <input type="submit" class="btn btn-primary" value="Acessar" id="acessar" name="acessar">
        </div>
    </div>
</form>

If you have an idea of what might be causing such an error, I appreciate any help.

    
asked by anonymous 16.01.2017 / 20:10

1 answer

5

There are several small errors ...

1. mysqli_select_db()

You're using as mysqli_select_db('treinamentos', $conexao) and it's actually the other way around, according to the documentation it's expected to be: 

mysqli_select_db ( mysqli $link , string $dbname )

Documentation

So you're inverting the parameters, you should use: 

mysqli_select_db($conexao, 'treinamentos')

2. mysqli_query()

The same error as above is waiting for you to use: 

mysqli_query ( mysqli $link , string $query [, int $resultmode = MYSQLI_STORE_RESULT ] )

Documentation

Instead of using mysqli_query($sql, $conexao) , you should use: 

mysqli_query($conexao, $sql);

In addition, as commented, beware that you are not handling the parameters properly.

Use at least mysqli_real_escape_string($conexao, $cnpj) , view documentation , as long as mysqli_set_charset is set correctly will suffice. Another option is to use mysqli_prepare it will require more modifications to the current code, recommend viewing this guide .

    
17.01.2017 / 01:47
Firebase security Setting execution timeout to infinity can affect server performance?