$username = "system";
$password = "Mwasif2001";
$connectionString = "localhost/ORCL";

$conn = oci_connect($username, $password, $connectionString);
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
// username and password sent from form 
$tbl_name = 'USERS';
if(isset($_POST['username']) && isset($_POST['pass']))
    echo ('i am here');

// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['pass']);

$sql="SELECT * FROM $tbl_name WHERE username='$username'";
echo $sql;

$stid = oci_parse($conn, "SELECT * FROM $tbl_name where username='$username'");
$result = oci_execute($stid);
$count = oci_num_rows($stid);

$stid1 = oci_parse($conn, "SELECT * FROM $tbl_name where user_password='$password'");
$result1 = oci_execute($stid1);
$count1 = oci_num_rows($stid1);

// If result matched $username and $password, table row must be 1 row
if($count == 1 && $count1 == 1)
// Register $username, $password and redirect to file "login_success.php"
$_SESSION["username"] = $username;
else if($count == 0) {
$failed = 1;
else if($count1 == 0) {
$failed = 1;

I am getting error when i try to submit my form that is undefined index please helpme.

  1. Password should be crypted!
  2. In to the lines 2 and 3 variables defined - ok. But do not need set default values because if not set both post variables then in lines 13-17 values not replaced!
  3. Lines 26 and 27 you again try to get values from post variables - any previous activities with variables $username and $password replaced in this step.

I recommend use filter_input() function

@Andrisp problem is with my post statement. I am getting error undefined index please tell me what can i do

It raise in line 26 if post variable not set. Use function filter_input () in lines 2 and 3. Remove lines 13-27

@Andrisp my php array is emtpy even after submitting the form the values are not passed in that array

Check your post variables print_r($_POST)

Andrisp its giving an empty array

Member Avatar

Why are you using mysqli with oracle? Two different products. See this:


The parse function is similar to the prepare for mysqli and PDO. However, this isn't your issue. An empty $_POST variable suggests the form data is not being passed by a POST method. You do not show your form html, so I'm assuming you either don't have a method attribute (defaults to GET) or it's actually set to GET.

Also using session_start() or header() after output ( echo "i am here" or trigger_error) probably won't work. Unless it's held in an output buffer.

Sorry mistake in my post oci_prepare is not a function - correct function name is oci_parse. Use similar variable names for connect to db and authorize user also is very bad idea.

This is my Html form

<form  name="myform" action="verify.php" method = "POST" enctype="multipart/form-data">
  <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
    <input class="mdl-textfield__input" type="text" id="sample3" name="USERNAME" required="" aria-required="true"/>
    <label class="mdl-textfield__label" for="sample3">Enter Username</label>
       <span class="mdl-textfield__error"><?php
      if (isset($_GET["msg"]) && $_GET["msg"] == 'failed') {
echo "Wrong Username";

            <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
    <input class="mdl-textfield__input" type="password" id="sample3" name="USER_PASSWORD" required="" aria-required="true"/>
    <label class="mdl-textfield__label" for="sample3">Enter Password</label>
                 <span class="mdl-textfield__error"><?php
      if (isset($_GET["msg1"]) && $_GET["msg1"] == 'failed') {
echo "Wrong Password";
            <div class="modal-footer">
        <button type="submit" class="btn btn-primary" name="submit">Login</button>
        <span> <a href="forgotPassword.php"> <br> Forgot Pasword? </a></span>
  1. Replace method = "POST" without white spaces method="POST"
  2. I see in HTML form name="USERNAME" and name="USER_PASSWORD" but you try to get values from $_POST['username'] and $_POST['pass'] - it case sensitive and do not match password field name
  3. I want to remind you again PASSWORD SHOULD BE CRYPTED! Never save unencrypted passwords in the database!
  4. Your user authorization method is invalid - any user can authorize with other user name and self password