I am trying to create a "login" webpage. The PHP codes for the login (login100.php) are called by another file (index100.php). Whenever I run index100.php on XAMPP, I get two errors:
Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\xampp\htdocs\login100.php on line 24
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\login100.php on line 26
My codes for index.php are:
<?php
include('login100.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile100.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style100.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>PHP Login Session Example</h1>
<div id="login">
<h2>Login Form</h2>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
My codes for login.php are:
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "", "Company");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);
// SQL query to fetch information of registerd users and finds user match.
$sql = "SELECT * FROM login where password='$password' AND username='$username'";
$query = mysqli_query($connection, $sql);
if (false === $query) {
echo mysqli_error();
}
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile100.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection); // Closing Connection
}
}
?>
I have worked on this for the past FIVE days and I cannot resolve this issue. All I want is a code which fetches a user's username and password from the database, and no such username or password exist, a message saying "invalid password" is generated. For some reason, I'm getting the two error messages above. Can someone help?