I am making a small webpage, and I want to extract the user id, so as to check whether the account exists or not. I do this by connecting to a MySQL DB, and checking to see if the account exists. I am very new to all of this, and only know the absolute basics of PHP & MySQL. Here is my login.php:
login.php
<?php
$server = "fooServer";
$user = "foo";
$pass = "foo";
$db = "newsContent";
$conn = new mysqli($server, $user, $pass, $db);
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
?>
<?php
$email = $_POST['email']; //Taken from my index.php
$password = $_POST['password']; //Taken from my index.php
/*I used this so as to extract the id. I then wanted to
proceed with the procedure if the id existed, and alert the user if it didn't*/
$sql = "SELECT id FROM fooTable WHERE username='$email' && password='$password'";
if ($conn->query($sql) === TRUE) {
echo "
<script>
alert('Login Successful');
window.location.href='news.php';
</script>";
} else {
<script>
alert('Login unuccessful. User account does not exist');
window.location.href='news.php';
</script>";
}
?>
This code may look horrific to experienced programmers, which I understand, but please fire-away with suggestions. Thanks in advance for your help.
Aucun commentaire:
Enregistrer un commentaire