0

Hi! The objective of this code is to log-in to a website. This code has no error but still doesn't redirect to a profile page. Please, help. Thank you!

<?php

include("dbconnect.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "post")
{
$username = $_POST['student'];
$password = $_POST['password'];

$query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn=$username AND pw=$password");
$row=mysqli_fetch_array($query,MYSQLI_ASSOC);
$count=mysqli_num_rows($query);
if($count==1)
{
$_SESSION['login_user']=$username;

header("location: main.php");
}
else
{
$error="Username or Password is invalid";
}
}
?>
DarkArrow29
  • 11
  • 2

2 Answers2

2

You need to write you query like this

 $query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn='".$username."' AND pw='".$password."'");
Bindesh Pandya
  • 193
  • 3
  • 14
0

Your query doesn't work. Try with SELECT * FROM members WHERE sn='$username' AND pw='$password'

And also after you execute the query check if the are some errors with

if(!$query)
 die(mysqli_error($dbconfig));

P.S. sanitize username and password before inserting them in a query

Riccardo Bonafede
  • 610
  • 1
  • 9
  • 17
  • Thank you very much! I've found out the problem. I haven't assigned the a user to the database. Thanks and sorry! – DarkArrow29 Jun 15 '16 at 12:18