I submit my form and it should find the value of FirstName and LastName in my MySQL database and send me to a success page. Instead I'm being sent to the fail page. I cannot see what is wrong with it.
here is my html form "login_1.php":
<form name="loginForm" action="loginCheck.php" method="post">
<input type="text" name="firstname_field_name" id="firstname_field_ID" value="First Name" />
<input type="text" name="lastname_field_name" id="lastname_field_ID" value="Last Name" />
<input type="submit" name="Submit" value="Submit" />
</form>
here is the php:
<?php
session_start();
$_SESSION['firstname_session'] = $_POST['firstname_field_name'];
$_SESSION['lastname_session'] = $_POST['lastname_field_name'];
require("config_php.php");
$con = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME) or die('Could not connect to database server.');
$myfirstname=$_POST[firstname_field_name];
$mylastname=$_POST[lastname_field_name];
$result = mysqli_query($con,"SELECT * FROM test WHERE FirstName='$myfirstname' AND LastName=$mylastname");
$count=mysqli_num_rows($result);
if($count>0){
//success
header('Location: loggedin.php');
exit();
}
else{
//fail
header('Location: login_1.php');
exit();
}
?>
Change this part to:
$myfirstname=$_POST['firstname_field_name'];
$mylastname=$_POST['lastname_field_name'];
//make it a little secure
$myfirstname = mysqli_real_escape_string($con, $myfirstname);
$mylastname = mysqli_real_escape_string($con, $mylastname);
$result = mysqli_query($con,"SELECT * FROM test WHERE FirstName='$myfirstname' AND LastName='$mylastname'");
$count=mysqli_num_rows($result);