SQL returning null rows

Question

I have the below PHP code for returning the user details from the table

<?php

$con=mysqli_connect("localhost","root","");
if(!$con)
    {
        die('Could not connect'.mysqli_error());
    }
mysqli_select_db($con,"mysql");
$username=$_POST["username"];
$password=$_POST["password"];
$statement=mysqli_prepare($con,"Select * from bbau_login where username= ? and password= ? ");
mysqli_stmt_bind_param($statement,"ss",$username,$pasword);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement,$id,$name,$username,$password);

$user=array();

while(mysqli_stmt_fetch($statement))
    {
        $user['name']=$name;
        $user['username']=$username;
        $user['password']=$password;
    }
echo json_encode($user);
mysqli_stmt_close($statement);
mysqli_close($con);

?>

But it is returning null result when I am hitting this code from the application. If I run the sql with hard coded value

Select * from bbau_login where username= 'aqsdfg' and password= 'adjbf'

then I am getting the desired result but not with the sql specified in the php script

Also I checked I am getting the proper values in $username and $password. I think i need to pass the $username and $password in quotes. Please can someone help in writing correct query with quotes.

Answer 1

You have written incorrect spelling of password while passing it

change

 mysqli_stmt_bind_param($statement,"ss",$username,$pasword);

to

mysqli_stmt_bind_param($statement,"ss",$username,$password);

Answer 2

Well, I would think that a consistent spelling of pasword/password would help immensely:

#  vv
$password=$_POST["password"];
:
mysqli_stmt_bind_param($statement,"ss",$username,$pasword);
#                                                   ^

You may well, as you state, be "getting the proper values in $username and $password", but that's not going to help if you don't actually use what's in $password :-)