Hi I am trying to build a login form for my website but the code is keep giving me error I have made them bold:
<?php
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
//connect to database
$con=mysqli_connect("localhost","root","","") or die();
//execute query
$query ="SELECT Username, Password from `useraccount` where Username= '$_POST[Username]'and Password='$_POST[Password]'";
$result= \mysqli_query($query);
while($row = mysqli_fetch_array($result))
{
if($_POST['Username']==$row['Username'] && $_POST['Password']==$row['Password'])
{
header("Location:account.php");
}
else
{
echo "You got credentials wrong";
}
}
}
?>
Also is it correct if I put the code below in the account.php?
<?php
session_start();
echo "Welcome ". $_SESSION['username'];
?>
<?php
session_destroy();
header("Location:login.php");
?>
PHP Mysqli login form - Help
Moderator: General Moderators
Re: PHP Mysqli login form - Help
Take some time to look through the MySQLi documentation
Here you're telling it to connect to localhost as root with no password (!) and you to use no database. You really need to specify that fourth argument before anything is going to work.
http://ca1.php.net/manual/en/mysqli.construct.php
You're passing unsanitized user data directly into your query. This will end in tears. Either escape your inputs or, better still, use prepared statements. This also suggests you're storing passwords in plain text, which you really shouldn't be doing. Hash your passwords before storing them. When a user tries to log in, hash the password they provided and compare the hashes.
mysqli_query requires two arguments; the connection to use, and the query to run, in that order. You're only providing one argument.
http://ca1.php.net/manual/en/mysqli.query.php
Code: Select all
$con=mysqli_connect("localhost","root","","") or die();http://ca1.php.net/manual/en/mysqli.construct.php
Code: Select all
$query ="SELECT Username, Password from `useraccount` where Username= '$_POST[Username]'and Password='$_POST[Password]'";Code: Select all
$result= \mysqli_query($query);http://ca1.php.net/manual/en/mysqli.query.php
In future, please post the errors you're getting. It makes troubleshooting these things much easier.but the code is keep giving me error