PHP SELECT statement not working

Question

I am making a login form for my website. When I click submit on my login form it doesn't seem to run the SELECT statement as it is in my code.

$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = '$passwordclean'");

    if($row = mysqli_fetch_assoc($result)){

      $finalmessager['success'] = 'You are logged in';
      $_SESSION['finalmessager']= $finalmessager;
    }else{
      $finalmessager['fail'] = 'You are not logged in';
      $_SESSION['finalmessager']= $finalmessager;
    }

It seems to identify $emailclean but it doesn't seem to read $passwordclean. However, when I try to manually put the password such as

$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = 'celenelqdekdnnd.......'");

it seems to work fine.

What am I doing wrong here?

This is my Code:

require "../config/init.php";
require "../config/config.php";
if(isset($_POST['submit'])){

$passwordclean = mysqli_real_escape_string($mysqli_conn, hash("sha512", $_POST['password']));
$emailclean= mysqli_real_escape_string($mysqli_conn, $_POST['email']);


$errorCheckr = array(); //an array is introduced to check errors
$finalmessager = array();//an array to display final message

if (empty($emailclean)) {
    $errorCheckr['emailcheck'] = 'Please enter your email';

}else{
    $_SESSION['email'] = $emailclean;
}

if (empty($passwordclean)) {
    $errorCheckr['passwordcheck'] = 'Please enter your password';

}else{
    $_SESSION['password'] = $passwordclean;
}


//Sanitize

if (!empty($emailclean) && !filter_var($emailclean, FILTER_VALIDATE_EMAIL)) {
    $errorCheckr['emailvalidcheck'] = 'Your email is not valid';
}


if (strlen($email) > 50) {
    $errorCheckr['emaillengthcheck'] = 'Your email is too long';
}

if (!empty($passwordclean) && strlen($passwordclean) < 5) {
    $errorCheckr['passwordlengthcheck'] = 'Your password is too short';
}


if (empty($errorCheckr)) {


    $result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = '$passwordclean'");

    if($row = mysqli_fetch_assoc($result)){

      $finalmessager['success'] = 'You are logged in';
      $_SESSION['finalmessager']= $finalmessager;
    }else{
      $finalmessager['fail'] = 'You are not logged in';
      $_SESSION['finalmessager']= $finalmessager;
    }

    unset($_SESSION['email']);
    unset($_SESSION['password']);

    header('location:../loginform.php');



}else{      


    $_SESSION['regErrors']= $errorCheckr;

    header('location:../loginform.php');

}
}

Answer 1

First turn on errors:

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

Test if post variable and password is set:

<?php
var_dump($_POST['password']);
var_dump($passwordclean);

Few tips:

1) Why save the password in a session?

2) You're checking the length of $passwordclean which will always be 128 chars since it is being hashed with sha512.

3) :

<?php
$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '". mysqli_real_escape_string($mysqli_conn, $_POST['email']) ."' AND password = '". mysqli_real_escape_string($mysqli_conn, hash("sha512", $_POST['password'])) ."'");