Click here to Skip to main content
14,573,479 members
Rate this:
Please Sign up or sign in to vote.
See more:
Hello, I am a beginner.
For checking username and password:
$username = $_POST['username'];
$password = $_POST['password'];
$sql= "SELECT * FROM user WHERE username = '$username' AND password = '$password' ";
$result = mysqli_query($con,$sql);
$check = mysqli_fetch_array($result);
echo 'success';
echo 'failure';

But when I get variables from users it isn't secure.
How can I use '?' and prepare the query and check results?

What I have tried:

checking username and password with
Updated 25-Apr-20 11:46am

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

Start here: checking username and password in php using hashes - Google Search[^]
Basically, you don't store passwords in clear text - you hash them (with a salting value, often the username or ID number) and compare hash values.
Follow a few of the links, and you'll get the idea.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100