php username and password checking won't work

Question

i'm trying to make a login page work with php and mysql, but it doesn't wanna work, i'm new to php. All i want is when a correct user and pass is entered, display/echo that user's level

mysql:image

db.php:

<?php
$servername = "127.0.0.1";
$username = "root";
$password = "";
$dbname = "maindb";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
# open database like before.
$web_username=$_POST['username'];
if ($web_username=="") die(); # one bit of error handling.
$web_password=$_POST['password'];
$sql = "SELECT id, level FROM users WHERE name = ? AND password = ?";
$stmt =  $conn->prepare ($sql ); # needs error check
$stmt->bind_param("ss", $web_username, $web_password);
$stmt->execute(); # needs error check
if ($stmt->num_rows==1) {
    $stmt->bind_result($id, $level);
    $stmt->fetch(); 
    printf ("id is %s, level is %s\n", $id, $level);
}
?>

index.html:

<html>
<body>
<form method='post' action='db.php'>
Username: <input type='text' name='username' placeholder='username'><br>
Password: <input type='password' name='password' placeholder='password'><br>
<input type="submit" value="Submit" />
</form></body></html>

you have any error? (for before check error log is enabled in php.ini) — prasanth, Mar 14 '19 at 17:42
You should **_never_** store plaintext passwords. Use [`password_hash()`](https://secure.php.net/manual/en/function.password-hash.php) and [`password_verify()`](https://secure.php.net/manual/en/function.password-verify.php) to securely hash them. — ChrisGPT was on strike, Mar 14 '19 at 17:42
you are probably right but it's my first time with php and sql so i wanna keep it simple and have something working — Light Yugen, Mar 14 '19 at 17:42
@LightYugen, there is never any excuse to store plaintext passwords. Even the most inexperienced beginners should learn to do this properly. Whatever tutorial you're following is pointing you down the wrong path. Find a new one that uses `password_hash()` and `password_verifiy()`. You don't want to learn this wrong. — ChrisGPT was on strike, Mar 14 '19 at 17:43
You need to describe how it's not working. Are there any errors in the php error logs or there any errors on screen when you execute the page, what is the output of [mysqli's error function](http://php.net/manual/en/mysqli.error.php), etc. — cteski, Mar 14 '19 at 17:45
PHP Parse error: syntax error, unexpected ',' in /var/www/html/db.php on line 24, i'm not sure what's happening — Light Yugen, Mar 14 '19 at 17:57
Error messages are important. Please remember to **read them** and **include them when you ask questions**. [PHP parse/syntax errors; and how to solve them?](https://stackoverflow.com/q/18050071/354577) should help you resolve that issue. — ChrisGPT was on strike, Mar 14 '19 at 18:30
This also looks like a duplicate of [this question you posted a few hours ago](https://stackoverflow.com/questions/55166412/php-username-and-password-check-in-mysql). — ChrisGPT was on strike, Mar 14 '19 at 18:33

Ajanyan Pradeep · Answer 1 · 2019-03-14T19:32:34.060

Add store_result(); after $stmt->execute(); in db.php

So the actual code will be

<?php
$servername = "127.0.0.1";
$username = "root";
$password = "";
$dbname = "maindb";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
# open database like before.
$web_username=$_POST['username'];
if ($web_username=="") die(); # one bit of error handling.
$web_password=$_POST['password'];
$sql = "SELECT id, level FROM users WHERE name = ? AND password = ?";
$stmt =  $conn->prepare ($sql ); # needs error check
$stmt->bind_param("ss", $web_username, $web_password);
$stmt->execute(); # needs error check
$stmt->store_result();
if ($stmt->num_rows==1) {
    $stmt->bind_result($id, $level);
    $stmt->fetch(); 
    printf ("id is %s, level is %s\n", $id, $level);
}
?>

This will solve your issue.

php username and password checking won't work

1 Answers1