0

I honestly can't see why this doesn't work. I have checked it several times even compared it to other examples I have done that does work. Please note that I have taken it down to the simplest form so there is no sql injection protection. That comes later.

//user real escape string to prevent SQL injection
$username = $_POST['username'];
$password = $_POST['password'];

//check if username and password is blank
if (!$username || !$password)
    die ("Not all the fields were filled in");

//Server details
$host = 'localhost';
$user = 'tm_user';
$password = 'password';

//The database name
$database = 'TransportMe';

// Create connection
$con = new mysqli($host, $user, $password, $database);

// Check connection
if ($con->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

//since user and password is not blank, find user info using the email and password entered by user
$sql= "SELECT * FROM Users WHERE 'email'='$username' AND 'password' = '$password';";

//Get the results
$result = $con->query($sql);

//Check if null
if ($result->num_rows == null)
    die("Null");
Toby Allen
  • 10,997
  • 11
  • 73
  • 124
Jean de Toit
  • 127
  • 9

2 Answers2

-1

use backticks for columns in your query like this

$sql= "SELECT * FROM Users WHERE `email` = '$username' AND `password` = '$password'";
-1

Your query should be:

//since user and password is not blank, find user info using the email and password entered by user
$sql= "SELECT * FROM `Users` WHERE `email` = '{$username}' AND `password` = '{$password}';";
alpipego
  • 3,223
  • 2
  • 17
  • 28
  • I wish it was this easy. I have done similar things previously and unfortunately it's not it. I did try substituting your code and as expected it wasn't it. I believe this has something to do with mixing objective and procedural mysql code. I might just have a look if there isn't a space or something – Jean de Toit Aug 15 '15 at 12:40