Ok...this is what I came up with:
<?php
$dsn= 'mysql:host=localhost; dbname=file_share';
$username= 'root';
$password= '';
try {
$db= new PDO($dsn, $username, $password);
echo '<p>You are connected to the database!</p>';
} catch (PDOException $e) {
$error_message= $e->getMessage();
echo "<p>An error occured while connecting to the database: $error_message </p>";
}
$sql= 'SELECT *
FROM `Users`
WHERE `Username` = :username
AND `Password` = :password
LIMIT 1'; //SQL query with named placeholders
$stmt = $db->prepare($sql); //Returns a PDOStatement class object
if( isset($_POST['username'],$_POST['password'])
&& !empty($_POST['username']) && !empty($_POST['password']) )
{
$username = $_POST['username'];
$password = hash('md5',$_POST['password']);
$stmt->bindParam(':username',$username,PDO::PARAM_STR,16);
$stmt->bindParam(':password',$password,PDO::PARAM_STR,16);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
}
if($stmt->rowCount() > 0) {
$_SESSION['loggedIn']= "true";
header("Location: index.php");
}
?>
Now, this eliminated any error messages, and redirects to "index.php", but it doesn't matter what you put in for login or password...it just goes regardless. ??