Hi,
I've recently just restarted doing some web design, I've decided to learn some PHP and have set-up a LAMP set-up on my Ubuntu desktop. I'm trying to create a very basic login page, I have created the D/B in MySQL and created the forms to add users which is all working fine, I can query the D/B and see the list of users I have added. The next stage was to attempt the login page (please see below code), problem is, when I enter a correct username it is saying that it's invalid, I created a simple IF statement to check my query is returning a row but it's coming back blank, I appear to be connecting to the D/B with no problems. Can anyone recognise where I possibly could be going wrong? I have literally been sat looking at the same piece of code for over an hour and I can find nothing wrong ...... I have read about sanitizing the username field and I have tried mysqli_real_escape_string function also. I know the username is correct because it also echos out onto the screen along with a message about the D/B being connected.
Any help would be much appreciated.
Regards,
Ross
<html>
<head>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
</head>
<body>
<form action="loginpage.php" method="post">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit">
</form>
</html>
<?php
$username = "";
$password = "";
$errormess = "";
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$myconn=mysqli_connect("***********","************,"************");
$mydb=mysqli_select_db($myconn,"myConferenceCalls");
if($mydb) {
echo "Connected to D/B";
$username = $_POST['user'];
$sql = "SELECT * FROM myUsers WHERE Username='$username'";
$sqlresult = mysqli_query($sql);
$valid = mysqli_num_rows($sqlresult);
echo "$username";
if($valid==1) {
echo "Valid Username";
} else {
echo "Invalid Username";
}
mysqli_close($myconn);
} else {
echo "Could not connect to D/B";
mysqli_close($myconn);
}
}
?>