Jump to content

PHP & MYSQL LOGIN ERROR


Kausalya

Recommended Posts

I have created a PHP & MySql login but its not working.  If I put the right email/password still its showing "Wrong Username or Password" everytime. Bacause I'm beginner to this I don't really know how to solve this issue. Thanks in advance.

Here is my coding

<?php


// Start PHP session at the beginning 
session_start();

// Create database connection using config file
include_once("connection.php");

// If form submitted, collect email and password from form
if (isset($_POST['login'])) {
    $email    = $_POST['email'];
    $password = $_POST['password'];

    // Check if a user exists with given username & password
    $result = mysqli_query($conn, "select 'Email', 'Password' from tblstudent
        where Email='$email' and Password='$password'");

    // Count the number of user/rows returned by query 
    $user_matched = mysqli_num_rows($result);

    // Check If user matched/exist, store user email in session and redirect to sample page-1
    if ($user_matched > 0) {

        $_SESSION["email"] = $email;
        header("location: welcome.php");
    } else {
        echo "User email or password is not matched <br/><br/>";
    }
}
?>

 

Edited by Barand
code tags added
Link to comment
Share on other sites

First please use the code icon (<>) in the menu for your code and specify PHP.

1. How did you define the password column in MySQL?

2. How did you store the password in the database?

3. Assuming you used 'password' to do the store you must use the same function in the query to retrieve the row.

4. 'password' is a MySQL reserved word so you should avoid it for a column name. If you do use it, you must always enclose it in back ticks(`) in your queries.

As an aside, I suggest you use PDO as it is easier and more flexible. You should also never use post data directly in any MySQL query. Validate it and use prepared statements.

Link to comment
Share on other sites

23 minutes ago, gw1500se said:

4. 'password' is a MySQL reserved word so you should avoid it for a column name. If you do use it, you must always enclose it in back ticks(`) in your queries.

"password" is a keyword (and, I agree, best avoided) but is not a reserved word requiring backticks.

@Kausalya use password_hash() and password_verify() when storing and checking passwords.

Link to comment
Share on other sites

2 hours ago, Kausalya said:

how to solve this issue

start by getting php and the database to help you.

do you have php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your system, so that php will help you by reporting and displaying all the errors it detects?

do you have error handling for all the database statements that can fail - connection, query, prepare, and execute, so that you will know if and why they are failing? the easiest way of adding error handling for database statements, WITHOUT adding logic at each one, is to use exceptions for database statement errors and in most cases let php catch and handle the exception, where php will use its error related settings (see the above paragraph) to control what happens with the actual error information, via an uncaught exception (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) to enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the connection -

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

 

Link to comment
Share on other sites

13 hours ago, gw1500se said:

First please use the code icon (<>) in the menu for your code and specify PHP.

1. How did you define the password column in MySQL?

2. How did you store the password in the database?

3. Assuming you used 'password' to do the store you must use the same function in the query to retrieve the row.

4. 'password' is a MySQL reserved word so you should avoid it for a column name. If you do use it, you must always enclose it in back ticks(`) in your queries.

As an aside, I suggest you use PDO as it is easier and more flexible. You should also never use post data directly in any MySQL query. Validate it and use prepared statements.

I've changed the column name for database from password to StudentPassword but still I can't login , I will attach my database table below.

Screenshot 2021-05-05 140720.png

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.