-2

I am new to programming. Here I am creating a simple registration and login form. My registration form works right; it registers the input given by the user in the database properly. But when I use the same username and password in my login form it doesn't work; it doesn't log in the user. I am using a prepared statement. Any help would be appreciated. Forgive me if I have made some obvious mistake. I looked up several tutorials but can't figure it out...

Thanks....

This is my HTML code

<!DOCTYPE html>
<html>
<head>
    <title>Login page</title>
</head>
<body>
    <form method="POST" action="register.php">
        <div class="container">
            <label>Username :</label>
            <input type="text" name="username" placeholder="Username"><br><br>
            <label>Password :</label>
            <input type="Password" name="password" placeholder="Password"><br><br>
            <button type="submit" value="sumbit" name="sumbit">Register</button>
        </div>
    </form>
    <br><br>
    <form method="POST" action="login.php">
        <div class="container">
            <label>Username :</label>
            <input type="text" name="username" placeholder="Username"><br><br>
            <label>Password :</label>
            <input type="Password" name="password" placeholder="Password"><br><br>
            <button type="submit" value="sumbit" name="login">Login</button>
        </div>
    </form>
</body>
</html>

This is my code for login:

<?php
include "register.php";

session_start();


$username = $_POST['username'];
$password = $_POST['password'];



$sql = "SELECT * FROM users where username ='$username' && password='$password'";

$stmt = $conn->prepare($sql);

$stmt->bindParam(':username',$username);
$stmt->bindParam(':password',$password);
$stmt->execute();
$stmt->bind_result($username,$password);
$stmt->store_result();
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if($stmt->row ==1){

    $_SESSION['login'] = $username;
    header("location: home.php");

}else{
    echo "Username and password is incorrect";

}

?>
Marc
Charlie_9816

2 Answers

1

You are binding parameters and the parameters are not in the query string.

Change

SELECT * FROM users where username ='$username' && password='$password'

to

SELECT * FROM users where username =:username && password=:password
Danyal Sandeelo
0

You made a mistake in your SQL query and mixed in methods of mysqli.

    <?php
    include "register.php";
    session_start();
    $username = $_POST['username'];
    $password = $_POST['password'];
    $sql = "SELECT * FROM users where username =':username' && password=':password'";
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(':username',$username);
    $stmt->bindParam(':password',$password);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if($row){
        $_SESSION['login'] = $username;
        header("location: home.php");
    }else{
        echo "Username and password is incorrect";
    }
    ?>

That's it.

  • $stmt->bind_result($username,$password); $stmt->store_result(); Remove these two lines from your code –  Apr 21 '19 at 10:11
  • If (!$_SESSION){ session_start() } –  Apr 21 '19 at 11:00
  • Thanks man, it helped, but in the above code $sql = "SELECT * FROM users where username =':username' && password=':password' "; instead of ':username' ':password ' it should be :username :password without the quotation symbol. – Charlie_9816 Apr 21 '19 at 12:27
  • Yeah, that's why; I am posting it from a cell phone so it's a little bit hard for me 😂 I hope you can understand –  Apr 21 '19 at 14:27
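
The login check the answers and comments above converge on, as an added example that is not part of the original posts: the placeholder is written bare (`:username`, no quotes) and PDO methods are used throughout. Assumptions not on the page: an in-memory SQLite database stands in for the asker's MySQL connection, the `users` table stores a `password_hash()` value instead of the plain password, and the function names `register_user` and `check_login` are hypothetical.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: in-memory SQLite replaces the real database, and the users
// table holds a password_hash() value rather than the plain password.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Registration side (hypothetical helper): store only the hash.
function register_user(PDO $conn, string $username, string $password): void
{
    $stmt = $conn->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:username, :hash)'
    );
    $stmt->execute([
        ':username' => $username,
        ':hash'     => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Login side (hypothetical helper): the placeholder is bare, so PDO binds the
// value; the password is compared in PHP with password_verify(), not in SQL.
function check_login(PDO $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare('SELECT password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Constructed sample accounts. The apostrophe in the second name shows that a
// bound value is treated as data and never changes the SQL text.
register_user($conn, 'charlie', 'correct horse');
register_user($conn, "o'brien", 'battery staple');

var_dump(check_login($conn, 'charlie', 'correct horse'));   // valid pair
var_dump(check_login($conn, 'charlie', 'wrong password'));  // wrong password
var_dump(check_login($conn, "o'brien", 'battery staple'));  // apostrophe in name
var_dump(check_login($conn, 'nobody', 'correct horse'));    // unknown user

// In login.php, a true result is the point to call session_start() and
// session_regenerate_id(true), set $_SESSION['login'], then redirect to home.php.
```

Because the query string never contains user input, the `'$username'` interpolation from the question is no longer needed, and the stored value is useless to anyone who reads the table.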