I have looked all over the web, checked the php syntax but I can't understand why this code is not working.
// Create connection
$con=mysqli_connect("localhost","task_user","task","tasks");
// Check connection
if (mysqli_connect_errno()) {
echo "No se puede conectar a la base de datos: " . mysqli_connect_error();
}
else{
//Verificación de la información de logeo
$username = $_POST["user"];
$username = stripslashes($username);
$password = $_POST["passwd"];
$username = $mysqli_real_escape_string($con,$username);
//$password = $mysqli_real_escape_string($password);
//$sqlquery = "SELECT username,password FROM users WHERE username ='$username' AND password='$password'";
}
echo '<script type = "text/javascript"> restoreValues("' . $_POST["user"] . '","' . $_POST["passwd"] . '"); </script>';
echo "ALL OK";
If I comment the mysqli_real_escape_string then it works (ALL OK is printed), if I don't it doesn't work. What am I doing wrong??
you are using $ sign before function mysqli_real_escape_string
make it
$username = mysqli_real_escape_string($con,$username);
instead of
$username = $mysqli_real_escape_string($con,$username);
^ remove this
You have a $ before mysql_real_escap_string, which is wrong. If you remove the $, it should work. Your version would call a function with the name defined in the variable $mysqli_real_escape_string (which does not exist in your case).