
I made two tables in SQL. The first is a login table and the second is a registration table. In the login table I inserted a row with user admin and password admin, and it works when I am logging in. But now I want to log in from the registration table. I mean, if an already registered user wants to log in, how can he do it?

Following is my code, please help me. When I try to log in as a registered user it shows me the error "invalid username or password":

<?php 
include('../dbcon.php');  //Database connection included
if (isset($_POST['login'])) {

    $username = $_POST['uname'];       //data of login table in sql
    $password = $_POST['password'];
    $qry = "SELECT * FROM `login` WHERE `uname`='$username' AND `password`='$password' ";
    $run = mysqli_query($dbcon,$qry);
    $row = mysqli_num_rows($run);
    if ($row<1) 
    {
        echo "invalid usernaem or password";
    }
    else
    {

        $data = mysqli_fetch_assoc($run);
        $id  = $data['id'];
        echo "Your Id is " .$id;
    }
}
else
{
    if (isset($_POST['login'])) {       //for the  data of registraion table in sql
        $username = $_POST['uname'];
        $password = $_POST['password'];
        $qry = "SELECT * FROM `registration` WHERE `uname`= '$username' OR `email`='$email' AND `password` = '$password' ";
        $run = mysqli_query($dbcon,$qry);
        $row = mysqli_num_rows($run);
        if ($row<1) 
        {
            echo "password is incorrect";
        }
        else
        {
            $data = mysqli_fetch_assoc($run);
            $id  = $data['id'];
            echo "Your Id is " .$id;
        }

    }
}

?>
Ondrej K.
Irfan Khan
  • The second `if(isset($_POST['login']))` will never be true, because that case is handled in the first `if`. – Barmar Jun 13 '18 at 22:25
  • I don't understand why you have two tables. What's the difference between the `login` table and the `registration` table? – Barmar Jun 13 '18 at 22:26
  • You should not store plaintext passwords in the database. Learn to use `password_hash()` and `password_verify()`. – Barmar Jun 13 '18 at 22:26
  • Then how can I add admin to the registration table? – Irfan Khan Jun 13 '18 at 22:31
  • I still don't understand. What's the difference between the `login` table and `registration` table? Don't they both contain the list of all users and passwords? – Barmar Jun 13 '18 at 22:32
  • No, in the login table there are just two columns, username admin and password admin, but the registration table contains 6 columns of customers – Irfan Khan Jun 13 '18 at 22:37
  • You do know that you can combine those two tables, right? – hungrykoala Jun 14 '18 at 02:15

1 Answer

You need to query the registration table when the login query doesn't find anything.

<?php 
include('../dbcon.php');  //Database connection included
if (isset($_POST['login'])) {

    $username = $_POST['uname'];       //data of login table in sql
    $password = $_POST['password'];
    $qry = "SELECT * FROM `login` WHERE `uname`='$username' AND `password`='$password' ";
    $run = mysqli_query($dbcon,$qry);
    $row = mysqli_num_rows($run);
    if ($row<1) 
    {
        // not an admin, check registration table
        $email = $_POST['email'];
        $qry = "SELECT * FROM `registration` WHERE (`uname`= '$username' OR `email`='$email') AND `password` = '$password' ";
        $run = mysqli_query($dbcon,$qry);
        $row = mysqli_num_rows($run);
        if ($row<1) 
        {
            echo "password is incorrect";
        }
        else
        {
            $data = mysqli_fetch_assoc($run);
            $id  = $data['id'];
            echo "Your Id is " .$id;
        }
    }
    else
    {
        $data = mysqli_fetch_assoc($run);
        $id  = $data['id'];
        echo "Your Id is " .$id;
    }
}
?>

You should also learn to use prepared statements instead of substituting variables into SQL, to protect against SQL-injection. See How can I prevent SQL injection in PHP?. And you should use password_hash() and password_verify() instead of storing plaintext passwords in the database.

Barmar
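
The answer's two-table lookup, rewritten with bound parameters and `password_verify()`, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database in place of the page's mysqli connection, a `password` column that stores `password_hash()` output, and constructed sample rows; `authenticate()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: PDO with in-memory SQLite stands in for the page's mysqli
// connection, and `password` holds password_hash() output, never plaintext.

// Hypothetical helper: returns ['table' => ..., 'id' => ...] or null.
function authenticate(PDO $db, string $identifier, string $password): ?array
{
    // `login` (admin) is checked first, then `registration`, as in the answer.
    // The SQL text is constant; user input is only passed as bound parameters.
    $lookups = [
        'login' => ['SELECT id, password FROM login WHERE uname = ?',
                    [$identifier]],
        'registration' => ['SELECT id, password FROM registration
                            WHERE uname = ? OR email = ?',
                           [$identifier, $identifier]],
    ];
    foreach ($lookups as $table => [$sql, $params]) {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            // The password is never part of the WHERE clause: fetch the stored
            // hash by name, then let password_verify() compare.
            if (password_verify($password, $row['password'])) {
                return ['table' => $table, 'id' => (int) $row['id']];
            }
        }
    }
    return null;
}

// Constructed schema and sample rows (a subset of the page's columns).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, uname TEXT, password TEXT)');
$db->exec('CREATE TABLE registration (id INTEGER PRIMARY KEY, uname TEXT, email TEXT, password TEXT)');
$db->prepare('INSERT INTO login (uname, password) VALUES (?, ?)')
   ->execute(['admin', password_hash('admin-pass', PASSWORD_DEFAULT)]);
$db->prepare('INSERT INTO registration (uname, email, password) VALUES (?, ?, ?)')
   ->execute(['alice', 'alice@example.com', password_hash('s3cret', PASSWORD_DEFAULT)]);

var_dump(authenticate($db, 'admin', 'admin-pass'));          // admin row in `login`
var_dump(authenticate($db, 'alice@example.com', 's3cret'));  // registered user, by e-mail
var_dump(authenticate($db, 'alice', 'wrong'));               // wrong password
var_dump(authenticate($db, "x' OR '1'='1", "x' OR '1'='1")); // quotes are bound as data
```

With mysqli the same structure uses `mysqli_prepare()`, `mysqli_stmt_bind_param()` and `mysqli_stmt_get_result()` in place of the PDO calls.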