Click here to Skip to main content
14,573,479 members
Rate this:
Please Sign up or sign in to vote.
See more:
Hello, I am a beginner.
For checking username and password:
<pre><?php
<?php
if ($_SERVER['REQUEST_METHOD']=='POST'){
$username = $_POST['username'];
$password = $_POST['password'];
require_once('dbConnect.php');
$sql= "SELECT * FROM user WHERE username = '$username' AND password = '$password' ";
$result = mysqli_query($con,$sql);
$check = mysqli_fetch_array($result);
if(isset($check)){
echo 'success';
}else{
echo 'failure';
}
}
?>


But when I get variables from users it isn't secure.
How can I use '?' and prepare the query and check results?


What I have tried:

checking username and password with
bind_param
Posted
Updated 25-Apr-20 11:46am

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

Start here: checking username and password in php using hashes - Google Search[^]
Basically, you don't store passwords in clear text - you hash them (with a salting value, often the username or ID number) and compare hash values.
Follow a few of the links, and you'll get the idea.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100