Validating a form in php (by using a mysql database)

Hi all, learner here.

I have been told to validate a form with a username and password using php and a mysql database.

So to do this I need to database to validate against.

I have created one in phpmyadmin / xampp called mydb. I can successfully connect to this database using

<?php
// Create connection
$con=mysqli_connect("localhost","userdb","","");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
  
  else { echo "<h1>You're connected to userdb</h1>"; }
?>

In this database I created a table called 'users, and in this table I created two, “rows” I think they are called?, called ‘name’ and ‘password’. I’m not really sure what the primary key for this is, because I’m confused by the interface, but I think/hope it’s the name, because that was the first one I created.

Now moving on, hopefully?, I have created a webform with simple username / password fields

<h2>Enter your username and password</h2>
<br/><br/>
<h1>Name:</h1> <input type="text" name="name">   <br>
<h1>Password:</h1> <input type="text" name="password">
</div>

And basically here is the point I am up to.

I thought the first thing I would do is create two php variables to store the username and password in.

<?php 
$name = ""; 
$pw = ""; 
?>

And from here I don’t really know where to go. There is a tutorial here on Sitepoint that shows some validation, but it’s not putting anything into a databse. Just validating with php.

Help, tips, pointers?

Here is my whole html document, called index.php

<html> 
<head>
<style>
#main 
{
width: 700px; 
margin-left: auto; 
margin-right: auto; 

}
</style>
</head>
<body> 
<div id="main">
<?php
// Create connection
$con=mysqli_connect("localhost","userdb","","");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
  
  else { echo "<h1>You're connected to userdb</h1>"; }
?>

<?php 
$name = ""; 
$pw = ""; 
?>
<h2>Enter your username and password</h2>
<br/><br/>
<h1>Name:</h1> <input type="text" name="name">   <br>
<h1>Password:</h1> <input type="text" name="password">
</div>

</body>
</html> 

Hi Granv11le, welcome to the forums

For starters, a database table is like, well, a table eg.
[table]
[tr][td][/td][td]columns[/td][/tr]
[tr][td][/td][td]name[/td][td]pw[/td][/tr]
[tr][td]row1[/td][td]Fred[/td][td]a1b[/td][/tr]
[tr][td]row2[/td][td]Mike[/td][td]ghj[/td][/tr]
[tr][td]row3[/td][td]Joe[/td][td]o9i[/td][/tr]
[/table]
If you look at the attachment you posted you’ll see it says “add column after” - ALTERing your table structure like shown is probably not what you want at this point. i.e.
[table]
[tr][td][/td][td]columns[/td][/tr]
[tr][td][/td][td]name[/td][td]new col[/td][td]pw[/td][/tr]
[tr][td]row1[/td][td]Fred[/td][td][/td][td]a1b[/td][/tr]
[tr][td]row2[/td][td]Mike[/td][td][/td][td]ghj[/td][/tr]
[tr][td]row3[/td][td]Joe[/td][td][/td][td]o9i[/td][/tr]
[/table]

Primary Keys must be unique values, so unless you know every row will have different values, you may want to add an “id” column, usually AUTO INCREMENT eg.
[table]
[tr][td][/td][td][/td][td]columns[/td][/tr]
[tr][td][/td][td]id[/td][td]name[/td][td]pw[/td][/tr]
[tr][td]row1[/td][td]1[/td][td]Fred[/td][td]a1b[/td][/tr]
[tr][td]row2[/td][td]2[/td][td]Mike[/td][td]ghj[/td][/tr]
[tr][td]row3[/td][td]3[/td][td]Joe[/td][td]o9i[/td][/tr]
[/table]

Hi, thank you for your reply.

Yeah I wasn’t about to alter the table, I just meant to show the structure and see if it’s ok?

I think what I have to do now is insert some data from the html form into that table.

I was thinking of something like

<?php

$con=mysqli_connect("localhost","userdb","","");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
  
  

$sql = "INSERT INTO `userdb`.`users` (`name`, `password`) VALUES (\\'eric\\', \\'123456\\');";
?>

Or something like that? I’m just getting this code from the phpmyadmin window. I’m not sure how to activate that code, though? Do I need a button click or

You’re getting a bit ahead of yourself. First you’ll need to fix the mark-up a bit.

*the exammple code doesn’t show it, but the form tag should have action and method attributes.

To Submit user input, (unless you use javascript, but that can wait), you need to put the inputs - and a submit button - inside of form tags.
And the labels should not be inside heading tags.

Ok, i’ve redone it with a new form. Is this getting closer?

Here are both files

index.php

<html> 
<head>
<style>
#main 
{
width: 700px; 
margin-left: auto; 
margin-right: auto; 

}
</style>
</head>
<body> 
<div id="main">


<?php 
$name = ""; 
$pw = ""; 
?>

<form action="insert.php" method="post">
Name: <input type="text" name="name"><br>
Password: <input type="text" name="pw"><br>
<input type="submit" value="log in">
</form>



</div>

</body>
</html> 

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
<?php

$con=mysqli_connect("localhost","userdb","","");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
  
  else 
  {
	echo "you are connnected";   
  }
  
  

$sql="SELECT * FROM userdb WHERE name='$name' LIMIT 1";
?>

</body>
</html>

Much better.
You don’t need

<?php 
$name = ""; 
$pw = ""; 
?>

in your form file (unless the form and database code are in the same file, then maybe)
When the form is submitted the input values will be sent as $_POST variables to where “action” points to and PHP can use them.
So for a simple “not safe for a live site” (not sanitized or validated) example it would be something llike

<?php
$name = $_POST["name"];
$pw = $_POST["pw"];

$con=mysqli_connect("localhost","userdb","","");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
  
  else 
  {
	echo "you are connnected";   
  }
  
  

$sql="SELECT * FROM userdb WHERE name='$name' LIMIT 1";
?>