CODEWITHSUNDEEP
phpdatabaseauthenticationmysqli
Ryan K
Ryan K

Reputation: 346

PHP mysqli query isnt working

when the user enters their details they click on login but its not working, my connection to the database is fine its this file that is not working, any help would be appreciated, thanks 

include '../connection.php'; //used to include connection file that is 1 level higher in the directory 

$username = $_REQUEST['username'];
$password = $_REQUEST['password'];

$fquery = 'SELECT Username FROM login LIMIT 0, 30 ';
$squery = 'SELECT Password FROM login LIMIT 0, 30 ';

$username_query = mysqli_query($dbc, $fquery);
$password_query = mysqli_query($dbc, $squery);

$username_row = mysqli_fetch_array($username_query);
$password_row = mysqli_fetch_array($password_query);

if($username == $username_row && $password == $password_row) {
    echo 'username and password correct';
}


?>

Upvotes: 0

Views: 142

Answers (3)

Juris Malinens
Juris Malinens

Reputation: 1271

$username = mysqli_real_escape_string($dbc, $_REQUEST['username']);
$password = mysqli_real_escape_string($dbc, $_REQUEST['password']);
$query = "SELECT * FROM login WHERE Username = '$username' AND Password = '$password' LIMIT 1";

if(mysqli_num_rows($query) > 0)
    echo 'username and password correct';

Upvotes: 0

Brandon
Brandon

Reputation: 66

<?php

include '../connection.php'; //used to include connection file that is 1 level higher in the directory 

$username = $_REQUEST['username'];
$password = $_REQUEST['password'];

$query = 'SELECT Username FROM login WHERE Username = ? AND Password = ?';

/* set a default value to check against */
$valid_user = '';

/* use prepared statement */
$stmt = mysqli_stmt_init($dbc);
if (mysqli_stmt_prepare($stmt, $query)) {
    /* set question marks equal to values */
    mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
    mysqli_stmt_execute($stmt);

    /* get the valid username only if query is successful */
    mysqli_stmt_bind_result($stmt, $valid_user);
    mysqli_stmt_fetch($stmt);

    /* close the statment */
    mysqli_stmt_close($stmt);
}


/* check if default was overwritten */
if($valid_user != '') {
    echo 'username and password correct';
}
?>

Try this out, should accomplish what you are trying to do.

Upvotes: 2

Joe Brown
Joe Brown

Reputation: 637

     $username_query = mysqli_query($dbc, $fquery);
     $password_query = mysqli_query($dbc, $squery);       
     $username_row   = $username_query->fetch_array(MYSQLI_ASSOC);
     $password_row   = $password_query->fetch_array(MYSQLI_ASSOC);        

     if($username == $username_row['username'] && $password == $password_row['Password']) {
       echo 'username and password correct';
     }

Upvotes: 0

Related Questions