1
<?php
    //Start session
    session_start();
 
    //Include database connection details
    require_once('connection.php');
 
    $email = $_POST["email"];
    $pass = $_POST["password"];

// Select the database to use

$query = "SELECT * FROM users WHERE email=$email and password=$password";

$result = mysqli_query($connection, $query);


$row = mysqli_fetch_array($result);

if($row["email"]==$email && $row["password"]==$pass)
    echo"You are successful login.";
else
    echo"Sorry, your email or password is not valid, Please try again.";
?>

I tried to code the line of error return after $result but the same error displays after login.

This error shows up:

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in D:\XAMPP\htdocs\codeinventor\login.php on line 18

Sorry, your email or password is not valid, Please try again.

Alzira Barretto
  • print the query and run it in phpmyadmin and see what's happening – Arun Kumaresh Mar 14 '16 at 12:07
  • try enclosing $email and $password in single quotes: '$email' – codeGig Mar 14 '16 at 12:07
  • @Jitendra it works but it displays Connected SuccessfullySorry, your email or password is not valid, Please try again. I want it to redirect to another page. How to do it? And I want to figure out if the user is logged in. – Alzira Barretto Mar 14 '16 at 12:20
  • Maybe you use 'Connected Successfully' in connection.php for a successful connection. Change it to not successful, then show the message – codeGig Mar 14 '16 at 13:00
  • Sorry, forgot to tell you it works. Right now, I'm trying to code Welcome (username)! but that didn't work. Trying to work it out. – Alzira Barretto Mar 14 '16 at 13:20
  • Does this answer your question? [mysqli\_fetch\_assoc() expects parameter / Call to a member function bind\_param() errors. How to get the actual mysql error and fix it?](https://stackoverflow.com/questions/22662488/mysqli-fetch-assoc-expects-parameter-call-to-a-member-function-bind-param) – Dharman Apr 08 '20 at 23:31

2 Answers

2

mysqli_query returns false because something is wrong with your query. You can retrieve the error message from the MySQL server with mysqli_error($connection) for debugging.

Most likely, the problem is that $email and $password are strings, but you have neither quoted nor escaped them in your query. In addition, you have used the variable $password in the query, but actually named it $pass. The way you're building your query is especially dangerous since it is prone to SQL injection. A better approach would be:

$query = "SELECT * FROM users WHERE email='" . mysqli_real_escape_string($connection, $email) . "' and password='" . mysqli_real_escape_string($connection, $pass) . "'";

Furthermore, I do not recommend checking the existence of the row for logins due to the danger of SQL injection. Fetching the password of the user from the database and comparing it to the given password in the PHP code could be safer. For example, with your unescaped (but properly quoted) query an attacker could specify "' OR TRUE" or something similar as password so that the query wouldn't actually check if the password is correct.


Edit: As Jordy suggested in the comments, prepared statements would not only be safe, but also more elegant than escaping the parameters manually:

$stmt = mysqli_prepare($connection, 'SELECT `password` FROM `users` WHERE `email` = ?');
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $real_pass);

if (mysqli_stmt_fetch($stmt) && $real_pass == $pass)
    echo "Login successful";
else
    echo "Sorry, your email or password is not valid, Please try again.";

mysqli_stmt_close($stmt);
Callidior
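
The points from the answer above (surfacing the MySQL error, a prepared statement, comparing the password in PHP) combined into one login handler, as an added example that is not the asker's or the answerer's code. It assumes `$connection` comes from the question's connection.php, that `users.password` stores `password_hash()` output rather than plaintext, and that `welcome.php` is a hypothetical page to redirect to.

```php
<?php
// Added example, not code from the question or its answers. Assumptions:
// connection.php defines $connection (mysqli), users.password holds
// password_hash() output, welcome.php is a hypothetical landing page.
session_start();

// Throw mysqli_sql_exception instead of returning false, so a failed query
// can never reach a fetch call as a boolean.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
require_once 'connection.php';

function check_login(mysqli $connection, string $email, string $pass): bool
{
    // The placeholder keeps $email out of the SQL text entirely.
    $stmt = mysqli_prepare($connection, 'SELECT `password` FROM `users` WHERE `email` = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored_hash);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    // Compare in PHP; password_verify() is safe against timing attacks.
    return $found && password_verify($pass, (string) $stored_hash);
}

$email = $_POST['email'] ?? '';
$pass  = $_POST['password'] ?? '';

try {
    // Array-valued POST fields are rejected before they reach the query.
    $ok = is_string($email) && is_string($pass)
        && check_login($connection, $email, $pass);
} catch (mysqli_sql_exception $e) {
    // Keep the server's message in the log, not in the response.
    error_log('login query failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

if ($ok) {
    session_regenerate_id(true); // fresh session ID after authentication
    $_SESSION['email'] = $email;
    header('Location: welcome.php');
    exit;
}
echo 'Sorry, your email or password is not valid, Please try again.';
```

`header()` can only send the redirect if nothing has been output before it, so a status message echoed from connection.php has to be removed first.
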
0

Instead of fetching the row, why don't you just count the number of rows? It would be better, so the code will be:

$row_cnt = mysqli_num_rows($result);
if($row_cnt > 0)
    echo"You are successful login.";
else
    echo"Sorry, your email or password is not valid, Please try again.";
Indrajit