
How To Validate The Simple Php Login Form With The Mysqli Query?

This is my PHP code

Solution 1:

https://codereview.stackexchange.com/ would be a better place for stuff like this. It's absolutely unclear what you're actually asking, therefore I just refactored your PHP code and hope this might help.

<?php

// Make mysqli throw mysqli_sql_exception instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The prepared statement below
// keeps the value out of the SQL text, so only control characters are stripped here.
$username = filter_input(INPUT_POST, "username", FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW);
// The password is passed through untouched; it is only ever given to password_verify().
$password = filter_input(INPUT_POST, "password", FILTER_UNSAFE_RAW);

if ($username && $password) {
  try {
    $connection = new \mysqli("localhost", "root", "password", "database");
    $stmt = $connection->prepare("SELECT `id`, `password` FROM `personal` WHERE `username` = ? LIMIT 1");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();
    // The `password` column holds a hash created with password_hash().
    if ($found === true && password_verify($password, $hash)) {
      session_start();
    }
    else {
      echo "We either don't know the username or the password was wrong.";
    }
    $stmt->close();
    $connection->close();
  }
  catch (\mysqli_sql_exception $e) {
    echo "An error occurred while communicating with the database, please hang in there until it's fixed.";
  }
}
else {
  echo "Please enter a username and a password.";
}

  • Use exceptions instead of checking the returned values of each function and/or calling additional methods.
  • Use object oriented code for better readability.
  • Use prepared statements to ensure that no SQL injection is possible.
  • Use PHP's built-in password functions.
  • Use PHP's built-in filter functions.
  • Don't tell the client what really went wrong (unknown username and/or wrong password).
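
The following is an added example, not part of the original answer: it carries the last bullets one step further by running `password_verify()` even for unknown usernames and upgrading old hashes with `password_needs_rehash()`. The `authenticate()` helper, the `DUMMY_HASH` constant and the in-memory `$users` array are assumptions made for illustration; with mysqli the lookup would be the prepared `SELECT` from the answer.

```php
<?php
declare(strict_types=1);

// Constructed sample row standing in for the `personal` table, so this runs offline.
$users = ["alice" => ["id" => 1, "password" => password_hash("correct horse", PASSWORD_DEFAULT)]];

// Hash of a random throwaway value. Verifying against it when the username is unknown
// makes both failure paths do comparable password_verify() work.
define("DUMMY_HASH", password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT));

/**
 * Hypothetical helper (not from the answer): returns the user id, or null on any failure.
 * $lookup maps a username to ["id" => int, "password" => hash] or null.
 * $rehash is called with (id, newHash) when the stored hash uses outdated settings.
 */
function authenticate(string $username, string $password, callable $lookup, callable $rehash): ?int
{
    $row = $lookup($username);
    $hash = $row["password"] ?? DUMMY_HASH;

    // Always call password_verify(), even when no row was found.
    $ok = password_verify($password, $hash);
    if ($row === null || !$ok) {
        return null; // the caller prints one generic message for both cases
    }
    // Upgrade old hashes transparently while the plain-text password is available.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $rehash($row["id"], password_hash($password, PASSWORD_DEFAULT));
    }
    return $row["id"];
}

// With mysqli, $lookup would be the prepared SELECT and $rehash a prepared UPDATE.
$lookup = function (string $name) use (&$users): ?array {
    return $users[$name] ?? null;
};
$rehash = function (int $id, string $newHash) use (&$users): void {
    foreach ($users as $name => $row) {
        if ($row["id"] === $id) {
            $users[$name]["password"] = $newHash;
        }
    }
};

foreach ([["alice", "correct horse"], ["alice", "wrong"], ["mallory", "anything"]] as [$u, $p]) {
    $id = authenticate($u, $p, $lookup, $rehash);
    echo $u, ": ", $id === null ? "We either don't know the username or the password was wrong." : "logged in as id $id", PHP_EOL;
}
```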

Solution 2:

Don't know what you want but I think there's an error in your code.

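// Note: the values are concatenated into the SQL string here, so they must not come
// straight from user input; the prepared statement in Solution 1 avoids that.
$sql = "SELECT * FROM personal WHERE username='" . $username . "' AND password='" . $password . "'";
$result = mysqli_query($con, $sql);
if (mysqli_num_rows($result) == 1)
{
    // exactly one matching row was returned
}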

You declared the SQL query in a string but never fired it. If that was causing the problem then this should solve it.
