if(isset($_POST['l_login']))
{
$query = $con->prepare("SELECT id FROM librarian WHERE username = ? AND password = ?;");
$query->bind_param("ss", $_POST['l_user'], sha1($_POST['l_pass'])); //line44
$query->execute();
if(mysqli_num_rows($query->get_result()) != 1)
echo error_without_field("Invalid username/password combination");
else
{
the code is not working Only variables should be passed by reference on line 44
sha1($_POST['l_pass']) is a function call, not a variable. You can't pass its result by reference. Simply call the function beforehand and assign its result to a variable - you can then pass this to bind_param():
$query = $con->prepare("SELECT id FROM librarian WHERE username = ? AND password = ?;");
$pass_hashed = sha1($_POST['l_pass'])
$query->bind_param("ss", $_POST['l_user'], $pass_hashed);
$query->execute();
N.B. SHA-1 is widely known to be cryptographically broken and insecure - this has been the case for some years now (at the time of writing). You would be stronly advised to stop using it and switch to a more up to date, secure algorithm for hashing your passwords. You can learn about PHP's built-in, up-to-date, secure password hashing and verification functions instead. See also How to use PHP's password_hash to hash and verify passwords
