Hello I am working on a log in page, i have the issue that when i enter a username and login the page changes to the echo wrong user name or password.
it does not appear to be going to the login_success.php, this is leading to think the issue is with the sql syntax but i am yet to find an answer as to why. i also thought it may be the if($count==1){ and tried ($count>1){ with no success.
I have searched the net and tried a few different approaches but nothing working. I am new and will look into methods to stop sqlinjection however this site is not live and is only for practice :) this community has been a masive help to my learning thank you to you all in advance
HTML LoginPage.html
<form id=login name="login" action="login.php" method="post">
<fieldset id=fs>
<legend>Vault Security Console:</legend>
<!-- legeng tage creates a header title for the fieldset box, filedset pulls all data in the tag to gether with a box around it. -->
UserName: <input type="text" name="username"> <br>
Password: <input type="password" name="password"> <br>
<input type="submit" value="Login"> <input type="submit" value="Register">
</fieldset>
</form>
php-Login.php
<?php
// Create connection
$con=mysqli_connect('172.16.254.111',"user","password","Faults"); //(connection location , username to sql, password to sql, name of db)
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//below is the variables from the login form
$username = $_POST['username'];
$password = md5(strip_tags($_POST['password']));
$sql="SELECT * FROM Users WHERE username='.addslashes($username).' and password='.addslashes($password).'";
$result=mysqli_query($sql);
//Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
if($count==1){
session_register("username");
session_register("password");
header('location:login_success.php');
}
//if false echo below
else {
echo "<H2>Wrong Username or Password</H2>";
}
?>
