running php file returns nothing

0
votes

I know this is duplicate with this question. but I received the same error. I searched a lot for similar questions like : PHP not working on HTML file, PHP script not working in HTML file, Cannot run a simple PHP file on the server and many more but could not find any solution.

I created a very simple login html file, then I wrote the php scripts to do the login action in a separate php file. (in the same folder with html file). My problem is that when I type localhost/filename.php in browser, it returned me nothing. (I mean an empty html page without any error messege). Also, when I press the login button in my html login form, it asked me to save file while I expected to run the php file.

I checked the error log, this is the error:

script '/var/www/connectivity.php' not found or unable to stat [Wed May 07 17:51:28 2014] [notice] caught SIGTERM, shutting down [Wed May 07 17:51:29 2014] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.11 with Suhosin-Patch configured -- resuming normal operations [Wed May 07 19:25:34 2014] [error] [client 127.0.0.1] PHP Warning: mysql_connect(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/connectivity.php on line 7

this is the php script:

<?php
$host="localhost";
$user="root";
$pass="xxxxx";
$db="test";

$con=mysql_connect($host,$user,$pass) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db($db,$con) or die("Failed to connect to MySQL: " . mysql_error());

if(isset($_POST['userId'])){
   $userId = $_POST['userId'];
   $password = $_POST['password'];
   $sql = "SELECT *  FROM User where userId = '$userId' AND password = '$password'" or die(mysql_error());
   $res = mysql_fetch_array($sql) or die(mysql_error());
   if(mysql_num_rows($res) > 0) {
      echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
      exit();
    }
        else
        {
                echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
                exit();
        }
 }

?>

could someone kindly help me to solve it?

Thanks

2
phphtmlbrowser
There are typographical errors in your PHP output. Please copy/paste exactly the error you are receiving, as well as the exact source code you are using in order for the community to diagnose your problem more accurately.esqew
try mysql_fetch_array($db,$sql) also use the newer mysqli instead of mysqlDev Man
It seems like you don't have some access privelegies issues. ALso not sure why you are running mysql instead of mysqli functions and why you are selecting database. Are there actually several dbs there? I would just go like this: DEFINE('DB_USER', 'root'); DEFINE('DB_PASSWORD','xxxxx'); DEFINE('DB_HOST', 'localhost'); DEFINE('DB_NAME', 'test'); $con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); But I would first of all check your server settings, access settings especially. Also run both fields through mysqli_real_escape and check that both fields are not empty.AR.
@AR.I did what you said, but now when I point the browser to localhost/file.php it returned me a page with this error: Failed to connect to MySQL:mOna

2 Answers

2
votes

where is your mysql_query()?

I think you should add the mysql_query() and try again.

$sql = "SELECT *  FROM User where userId = '$userId' AND password = '$password'";

$query=mysql_query($sql) or die(mysql_error());    **// You didn't add this line**

$res = mysql_fetch_array($query) or die(mysql_error());

your all other code goes here.................. hop your problem is fixed

1
votes

There are a few issues with the code presented above. The first issue with nothing appearing on the screen is most likely due to PHP throwing errors and crashing OR that you don't have userId set in the HTTP Header for POST data. To make sure you are sending the POST data to the server, you can check the Developer tools of your web browser or on the top of the PHP script use the following code.

<?php
    echo '<pre>';
    print_r($_POST);
    echo '</pre>';
?>

As for the PHP errors, the first one I notice is that you fail to use the function mysql_query($sql) and you directly insert the SQL variable into mysql_fetch_array(). This is not the proper way to do this.

$sql = "SELECT *  FROM User where userId = '$userId' AND password = '$password'";
$res = mysql_query($sql);
if(!$res) {
   // Failed to perform SQL Query
   echo 'Mysql Query Failed';
   exit();
}

$row = mysql_fetch_array($res);
if(mysql_num_rows($res) > 0) {
    echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
    exit();
}else {
    echo "SORRY... YOU ENTERED WRONG ID AND PASSWORD... PLEASE RETRY...";
    exit();
}

The other PHP issue is you don't check if $_POST['password'] isset, which you do check for the userId. This is a simple fix by changing one line of code.

if(isset($_POST['userId'])) {

// Changes To

if(isset($_POST['userId'],$_POST['password'])) {

My next note are security features you should really follow. The first main issue is your lack of parsing variables before inserting them into your SQL variable. Never insert variables that users can modify directly into your query. If you stick with the mysql_ functions, you will want to first run the command mysql_real_escape_string() on all variables you pass.

$userId = mysql_real_escape_string($userId);
$password = mysql_real_escape_string($password);
$sql = "SELECT *  FROM User where userId = '$userId' AND password = '$password'";

The next security issue is that you are not encrypting passwords. Alwasy encrypt passwords with unique salts for each user. When the user changes their password the salt should also change.

$salt = generate_salt(); // You need to create this function. Generate a lot of random characters. $password = hash('sha512',$password.$salt);

Using the above method, you do not want to use mysql_real_escape_string() on the password variable until after you generate it. If you do use it before hashing the password, the user will most likely have trouble logging in in the future since the password may not match.

The next fatal flaw in your code is that you are using the mysql_ functions which is now unsupported and deprecated. As you can see from the quote on the PHP website for all the mysql_ functions.

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.

I highly suggest PDO as apposed to MySQLi, but it is just personal preference.