0

I'm having an issue with login validation using php. I don't understand what what the problem is. I am a noob in php. I'm getting a "login failed" error, yet I have those values in my database

 <?php
    $con=mysqli_connect('localhost', 'root', '','project')
        or die("Could not establish connection");

    mysqli_select_db($con,'project') or
        die ("Could not select the db");

    if(isset($_POST['username']) && isset($_POST['password'])){

        $username=$_POST['username'];
        $password=md5($_POST['password']);


        $query=mysqli_query($con, "SELECT * FROM register WHERE username = '$username' AND password= '$password'");

        if(mysqli_num_rows($query) > 0){
            header ("location:homepage.php");
        }else{
            echo "Login failed";

        }




        }

    ?>
Mozahler
  • 4,958
  • 6
  • 36
  • 56
liv jeez
  • 21
  • 3
  • 3
    **Don't use `md5()` for password hashing.** It's very insecure. Use PHP's [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) instead. If you're running a PHP version lower than 5.5 (which I _really_ hope you aren't), you can use the [password_compat library](https://github.com/ircmaxell/password_compat) to get the same functionallity. – M. Eriksson Oct 06 '18 at 20:52
  • Possible duplicate of [How to use password\_hash](https://stackoverflow.com/questions/30279321/how-to-use-password-hash) – Progman Oct 07 '18 at 09:31

1 Answers1

0

You just need to see the sql statement and then go to phpmyadmin. Then select sql tab. Then paste the complete SQL and click go to see the result.

To see the Complete SQL write this code after performing query.

echo "SELECT * FROM register WHERE username = '$username' AND password= '$password'";

KRISHNENDU DE
  • 49
  • 3