Login page using mysqli_fetch_row

Navigation
0

I am creating a fairly simple login page where the user enters their name and password, the system does the database scan (mysql) and validates its input, however, when I enter the values correctly the system returns null .

Follow the html code 

<html> 
    <body> 
        <h3>UP Consultoria</h3> 
        <p>Faça seu login</p> 
        <form  method="post" action="teste.php"  id="searchform"> 
          <input  type="text" name="name"> 
          <input  type="text" name="password">
          <input  type="submit" name="submit" value="Entrar"> 
        </form> 
      </body> 
    </html> '

Segue o código php:

    <?php
      if(empty($_POST['name']) or empty($_POST['password'])){
        echo "Digite valores válidos";
      }else{
      $nome=$_POST['name'];
      $senha=$_POST['password'];
      $link = mysqli_connect('localhost', 'root', '','Upconsul') or die (mysql_error());
      if($resultado = mysqli_query($link,"SELECT nome FROM usuarios WHERE nome=$nome",MYSQLI_USE_RESULT)){
        while($row = mysqli_fetch_row($resultado)){
            printf ("%s/n" ,$row[0]);
        }
        mysqli_free_result($resultado);
        }
    mysqli_close($link);
    }     
?>

I'm sure it's something very banal, if you can help me, I'm grateful. I'm using phpmyadmin to simulate the server.

    
asked by anonymous 22.02.2016 / 19:49

1 answer

1

Use prepared statements to avoid sql injections and do not store passwords as plain text.

When using values pass directly in the query string values (varchar and others of type text) need single quotation marks. 

mysqli_query($link,"SELECT nome FROM usuarios WHERE nome = '$nome'")

Recommended reading:

Select with prepared statements MySQLi

    
22.02.2016 / 19:54
JArray add values How to make an image if to adjust to various screen sizes on Android?