I've been trying to create a simple login script with php and mysql. I'm able to connect to the database and enter data into it, but I can't use SELECT to get data from the DB.
This is my register code (which works):
<?php
include_once "dbconnect.php";
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$insert = "INSERT INTO users (username, email, password) VALUES ('$username','$email','$password')";
if ($mysqli->query($insert) === TRUE) {
?>
<script>alert('successfully registered ');</script>
<?php
}else {
?>
<script>alert('error'); </script>
<?php
}
header( 'register.html' );
mysqli_close($mysqli);
?>
And then this is my login code (which doesn't work):
<?php
session_start();
require_once("dbconnect.php");
?>
<br>
<?php
$username = $_POST['username'];
$password = md5($_POST['password']);
echo "error: ";
echo mysqli_error($mysqli);
?>
<br>
<?php
echo "username: ", $username;
$query = "SELECT password FROM users WHERE username='$username'";
$queryfinal = $mysqli->query($query, $mysqli);
$encpassword = md5($password);
?>
<br>
<?php
echo "password: ";
echo $encpassword;
?>
<br>
<?php
echo "query: ";
echo $queryfinal;
if ($queryfinal == $encpassword) {
$_SESSION["username"] = "$username";
header('Location: https://ruofftechnologies.com/login1/home.html');
}
else {
session_destroy();
?>
<br>
<?php
echo "failed";
}
?>
My login code just returns this when I enter username 'hi' with password 'hi':
"Connected successfully error: username: hi password: 179085fcac495de6d84339f8e3b11a34 query: failed"
Any help is much appreciated!
-Gabriel
$queryfinal = $mysqli->query($query, $mysqli);
returns a mysqli_result object.
$encpassword = md5($password);
returns a string.
if ($queryfinal == $encpassword) {
compares a string to a non-string object, so of course it always returns false.
Getting the data from the result is more complicated than just "converting to a string." A mysqli_result contains one or more rows of data, each containing one or more columns. To navigate this data structure you use the various mysqli_result::fetch_* functions. In your case I would use
$resultrow = $queryfinal->fetch_assoc();
$resultpwd = $resultrow['password'];
This fetches the current row of the result into an associative array called $resultrow, then retrieves the array element named password.