not mach the data in sql with oops php

Question

here is my class user code

class User{
protected $pdo;

function __construct($pdo){
    $this->pdo = $pdo;
}
public function checkInput($var){
    $var = htmlspecialchars($var);
    $var = trim($var);
    $var = stripcslashes($var);
    return $var;
}

1. and here is my code to check the table

   public function login ($email, $password){
   $stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password ");
   $stmt ->bindParam(":email", $email, PDO::PARAM_STR);
   $hashed_pass =  md5($password);
   $stmt ->bindParam(":password", $hashed_pass , PDO::PARAM_STR);
   $stmt ->execute();
   
   $user = $stmt->fetch(PDO::FETCH_OBJ);
   $count = $stmt->rowCount();
   

2. and here i am trying to redirect the user to home page but not reloads

   if ($count > 0) {
       $_SESSION['user_id'] = $user ->user_id;
       header('Location: home.php');
   }else{
       return false;
   }
   

   } }

3. and here is login code with conditions

   if(isset($_POST['login'])  && !empty($_POST['login'])) {
   $email  = $_POST['email'];
   $password = $_POST['password'];
   if (!empty($email) or !empty($password)) {
     $email = $getFromU->checkInput($email);
     $password = $getFromU->checkInput($password);
      if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = "Invalid Format";         
      }else{
        if($getFromU->login( $email, $password) === false){
         $error = "The email or password is incorrect!!!!";
        }
      }
      }else{
       $error = "please valid enter username  and password!";
     }
   

   }

   where am i getting wrng i am confused ....

Answer 1

You should use backticks (`) instead of apostrophes (') for column and table names in your SQL query:

$stmt = $this->pdo->prepare("SELECT `user_id` FROM `users` WHERE `email` = :email
AND `password` = :password ");