Im new to programming and I'm trying to create a login form using php/mysql and I have faced some problems. I cannot understand why my sql code cannot being executed, Im using localhost. Could you guys help me? Thanks Here is the code that i wrote
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "login";
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username'".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res) == 1){
echo "You have successfully logged in.";
exit();
}else{
echo "Invalid password information.";
exit();
}
}
?>
I think you forgot =
$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
Simple Typo:
Change:
$sql = "SELECT * FROM users WHERE username'".$username."' AND password='".$password."' LIMIT 1";
To:
$sql = "SELECT * FROM users WHERE username = '".$username."' AND password='".$password."' LIMIT 1";
Another thing, you don't need to fetch all fields from database table if you don't need them.
This slows down speed of page load.
You can fetch only id field.
You are fetching number of rows, so, your query should be:
SELECT id FROM users WHERE username ...