Login Page Not Connected to Registration page

Question

the registration form is connected to the database via db.php but I am having trouble in submitting the login details.

<html>
<head>
 <?php
 include('db.php');

$username = @$_POST['username'];
$password = @$_POST['password'];
$submit = @$_POST['submit'];

the main problem is after the submit button is clicked by an existing user it should give the message but there's problem in the statement, because on the its showing only the message ie Error. 语句存在问题，因为在它仅显示消息，即Error。

if ($submit)
{
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
if (mysql_num_rows($result)) { 
    $check_rows = mysql_fetch_array($result); 
$_POST['username'] = $check_rows['username']; 
$_POST['password'] = $check_rows['password']; 

echo "<center>";
echo "You are now Logged In. ";
echo "</center>";                       
}
else {
echo "<center>";
echo "No User found. ";
echo "</center>";
}
}
else echo "Error";
?>
</head>
<body>
<form method="post">
Username : <input name="username" placeholder="Enter Username" type="text"><br></br>
Password : <input name="password" placeholder="Enter Password" type="password"><br>
<input type="submit" value="Submit">
</body>
</html>

Answer 1

You want get $_POST with name submit , but do not send it to the form

Try change

<input type="submit" value="Submit">

to

<input type="submit" name="submit" value="Submit">

Answer 2

Firstly this is old style of php/mysql. So look at PDO on php.net seeing as you are setting out on new project it really wont be hard to make the change now rather than later.

Now onto your issue. if you intend on carrying on with your old method try this.

$sql = "SELECT * FROM user WHERE username=' . $username . ' AND password=' . $password . '";

// check the query with the die & mysql_error functions
$query = mysql_query($sql) or die(mysql_error());
$result = mysql_num_rows($query);

// checking here equal to 1 In a live case, for testing you could use >= but not much point.
if ($result == 1) {

    // Checking needs to be Assoc Now you can use the field names, 
    // otherwise $check_rows[0], $check_rows[1] etc etc
    $check_rows = mysql_fetch_assoc($query); // oops we all make mistakes, query not result, sorry.

    // This is bad but for example il let this by, 
    // please dont access user supplied data without
    // validating/sanitising it.        
    $_POST['username'] = $check_rows['username']; 
    $_POST['password'] = $check_rows['password'];

} else {

    // do not logged in here

}

The same in PDO

$sql=" Your query here ";
$pdo->query($sql);
$pdo->execute();
$result = $pdo->fetch();

if ($result = 1) {
    // do login stuff
} else {
    // no login
}

Remember though that you need to set up PDO and it may not be available on your server by default (older php/mysql versions) but your host should be happy enough to set them up.