So I just started learning PHP and was following an old guide to make something that I was interested in. The entire guide was using the old deprecated mysql functions, so I decided to venture out of my small experience in PHP and try fixing everything myself. I decided to migrate to mysqli as it seemed as an easier alternative compared to PDO. Everything seemed to work well, until I realized that my user log-in wasn't quite working. Here is how I have it setup:
$password = md5($_POST['user_password']);
$sql = "SELECT * FROM users
WHERE user_email = '$user_email'
AND user_password = '$password'";
$result = mysqli_fetch_assoc($link->query($sql));
$_SESSION['user_id'] = $result['user_id'];
$_SESSION['user_acl_id'] = $result['user_acl_control_id'];
$_SESSION['user_first_name'] = $result['user_first_name'];
$_SESSION['user_last_name'] = $result['user_last_name'];`
Whenever I try to enter the password through the login, it tells me I am wrong even though it is correct. I suspect my issue is within this line:
$result = mysqli_fetch_assoc($link->query($sql));
The guide originally had it like this:
$password = md5($_POST['user_password']);
$sql = "SELECT * FROM users WHERE user_email = '$user_email' AND user_password = '$password'";
$result = mysql_fetch_assoc(mysql_query($sql));
$_SESSION['user_id'] = $result['user_id'];
$_SESSION['user_acl_id'] = $result['user_acl_control_id'];
$_SESSION['user_first_name'] = $result['user_first_name'];
$_SESSION['user_last_name'] = $result['user_last_name'];
I would appreciate if anyone could help me out! Thanks in advance!
