So i'm trying to make a login system and its not working because every time I test the number of rows via this code:
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($myusername);
$password = stripslashes($mypassword);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
$result=mysqli_query($connect,"SELECT * FROM users WHERE username='$username'");
$count=mysqli_num_rows($result);
if($count==1){
but everytime I run it it doesn't return 1, I don't even know how to check what its returning and when I remove $username's '' marks it comes up invalid query
Im using PHP 5.4.4-14, Mysql Ver 14.14 Distrib 5.5.31, for debian-linux-gnu (armv7l) using readline 6.2, and Apache/2.2.22 (Debian)
You should really switch to prepared statements instead of injecting your variables directly in the query, but you problem is caused by mysqli_real_escape_string(). That function needs two parameters, the first one being the mysqli connection.