My PHP script always gives the same response. I'm trying to make a login form for Android.
Maybe one of you knows why:
<?php
$con = mysqli_connect("localhost", "root", "", "my_db");
//echo "Welcome, I am connecting Android to PHP, MySQL";
if (mysqli_connect_errno()) // takes no arguments
{
    //echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysqli_query($con, "SELECT Username FROM user where Username='$username' and Password='$password'");
$flag['code'] = 0;
if ($result)
{
    $flag['code'] = 1;
} else {
    $flag['code'] = 0;
}
print(json_encode($flag));
//echo json_encode($flag)
mysqli_close($con);
?>
It always prints code:1. I hope someone knows why this happens.
You do not check the result. You are just checking if it is non-null. By the way, you should handle a connection problem too.
I would modify your check to:
if (mysqli_num_rows($result) == 1) {
    $flag['code'] = 1;
} else {
    $flag['code'] = 0;
}
This will check if you got one result, which means that you got a working login.
Please keep in mind to hash your passwords. Even in development you should keep passwords safe.
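
An added example, not part of the original question or answer: the same login check with a prepared statement instead of `$_POST` values interpolated into the SQL, and `password_verify()` against a stored hash as the answer recommends. The `PasswordHash` column is an assumption (hypothetical name, holding `password_hash()` output); the table, `Username` column and connection settings are the ones from the question.

```php
<?php
// Added example. Assumption: user.PasswordHash (hypothetical column) stores password_hash() output.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors become exceptions

function check_login(mysqli $con, string $username, string $password): bool
{
    // The placeholder keeps $username out of the SQL text, so quotes in it cannot change the query.
    $stmt = mysqli_prepare($con, "SELECT PasswordHash FROM user WHERE Username = ?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt) === true; // null means no row for this username
    mysqli_stmt_close($stmt);

    // A query that ran is not a login that succeeded: a row must exist and the hash must match.
    return $found && is_string($hash) && password_verify($password, $hash);
}

$flag = ['code' => 0];
try {
    $con = mysqli_connect("localhost", "root", "", "my_db");
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    // Reject missing or non-string fields (e.g. username[]=x) before touching the database.
    if (is_string($username) && is_string($password) && $username !== ''
        && check_login($con, $username, $password)) {
        $flag['code'] = 1;
    }
    mysqli_close($con);
} catch (mysqli_sql_exception $e) {
    // Connection and query failures are logged server-side and never reported as a login.
    error_log("login check failed: " . $e->getMessage());
    http_response_code(500);
}
header('Content-Type: application/json');
print(json_encode($flag));
```

Rows for this version are created with `password_hash($password, PASSWORD_DEFAULT)` at registration, so the plaintext password is never stored or compared in SQL.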