0
$username = $_POST['username'];
$password = $_POST['password'];

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$query .= "SELECT balance FROM users WHERE id ='1'";

if (mysqli_multi_query($connect, $query)) {
    do {
        /* store first result set */
        if ($result = mysqli_store_result($connect)) {
            while ($row = mysqli_fetch_row($result)) {

                if($row['username'] == $username && $row['password'] == $password && $password != '' && $username != ''){
                        session_start();    
                        $_SESSION['username'] = $row['username'];
                        $_SESSION['email'] = $row['email'];
                        $_SESSION['balance'] = $row['balance'];
                        echo "Logged in successfully!";
                    } else {
                        echo "Invalid username or password!";
                    }
            }
            mysqli_free_result($result);
        }
    } while (mysqli_next_result($connect));
}

When they post you get the username/password, what I'm not sure is how to save the person information in a session variable(I assume that's the proper way to do stuff), other information on their row.

As of now I can't even enter the if statement that checks username and password

user3026745
  • 19
  • 1
  • 5

1 Answers1

1

Sessions are the way forward here.

Here a basic tutorial to help you start.

$_SESSION

Also look at sanitising your queries before running them directly on your server.

Here is another example: LINK

Community
  • 1
  • 1
Rob
  • 409
  • 4
  • 20