is my php correct? cant find any syntax errors

[Jayden_Blade]

<?php
error_reporting(E_ALL);
session_start();

include ("dbcon.php");
echo "include working";
$username1= ($_POST['username']);
echo ($_POST['username']);

if ($_POST) {
	
		if (!empty($_POST['username']) && !empty($_POST['pass'])) {
			$sql = "SELECT * FROM `user` WHERE `username`='($_POST['username'])' LIMIT 1";
			$result = mysqli_query($sql);
			if (mysqli_num_rows($result) > 0) {
				//user is valid, check pass
				$query = mysqli_fetch_assoc($result);
							 $password = ($_POST['pass']);
				if ($password !== $query['pass']) {
					//invaid pass, input error code
					echo "Wrong Password";
					exit;
				}	
				 else {
					//valid user and pass, login
					$_SESSION['login'] = TRUE;
					$_SESSION['username'] = $_POST['username'];
					//echo "logged in";
					header('location: home.php');
					exit(); 
				}
			} 
			else {
				//user is not in database, input error code
				echo " User Not Found";
			}
		}
		else {
			//form submitted but no username/password, input error code
			echo "Fields are Blank";
		}
} 
else {
	//page loaded, but no form submitted, input error code
	echo "Submition Error";
}


?>

I can't figure out the problem........ Any help is appreciated!

[QuickOldCar]

Try this for error reporting

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

With mysqli you have to pass the database variable for the connection along with the query

Look in dbcon.php for whatever you named it.

$result = mysqli_query($database_connection,$sql);

did you mean to use curly braces?

$sql = "SELECT * FROM `user` WHERE `username`='($_POST['username'])' LIMIT 1";

 

 

Escape anything used in a query to your database

mysqli_real_escape_string()

 

So try this (with your proper database connection variable)

$sql = "SELECT * FROM `user` WHERE `username`='".mysqli_real_escape_string($database_connection ,$_POST['username'])."' LIMIT 1";

[Jayden_Blade]

thanks! I am use to mysql not mysqli