Im having trouble getting my login to work on my site. it keeps telling me query failed, but when i echo out the username and password it matches the one on the server so i dont understand why its not working. heres a link to my site http://trieste.sdsu.edu/~trst016/proj2/proj2.html Im a new programmer by the way very noob. PHP: $db = mysqli_connect($server, $user, $password, $database); $salt = "45Gxkj9583lPMdxoekfg"; $user = $_POST['username']; $pass = crypt($_POST['password'], $salt); echo "<h2>welcome you are now logged in ".$user." ".$pass."</h2><br />\n"; $sql = "SELECT username, password FROM faculty WHERE username = $user AND password = $pass"; $result = mysqli_query($sql,$db) or die('Query failed: ' . mysql_error($db)); if (mysql_num_rows($result) == 1) { //successful login echo "<h2>Welcome You are now logged in.</h2>\n"; } else { // not successful $page = file_get_contents("err_login.html"); echo $page; exit; } //session_start(); //$_SESSION['valid'] = 1; //$_SESSION['user'] = $username;
$sql = "SELECT username, password FROM faculty WHERE username = $user AND password = $pass"; If you don't put the variables in the SQL-Statements into quotes, they are used as column names. It should be something like this: $sql = "SELECT username, password FROM faculty WHERE username = \"$user\" AND password = \"$pass\"";
