As I said on your
repost[
^] of this question:
If you'd pasted the start of your error message into Google, or your preferred search engine, you would have found the hundreds of times this precise question has been asked before.
Returns false on failure.
Your query failed. Most likely because
user
is a
reserved word in MySQL[
^], and needs to be escaped.
HOWEVER, you have some
extremely critical security vulnerabilities in your code:
Your code is vulnerable to
SQL Injection[
^].
NEVER use string concatenation / interpolation to build a SQL query.
ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[
^]
PHP: Prepared statements and stored procedures - Manual[
^]
You are storing an unsalted hash of your users' passwords, using an ancient and insecure hashing algorithm - MD5 hasn't been considered "secure" for over two decades now.
You need to salt your hash, using a unique salt for each record, and use a secure hashing algorithm.
PHP provides built-in functions to help you do the right thing:
PHP: password_hash[
^]
PHP: password_verify[
^]