This is my first login form using PHP/MYSQLI. I'm doing a tutorial on simplest.com/siteezy.com, and am having trouble with the login process. The main issue is that the form will accept any input entered (even blank fields), and bring the person to the logged-in page (account.php), whether they have registered on the site or not. The registration side of things seems to work fine. I've watched the tutorials several times, and copied the code to the letter. I'm wondering if I'm missing something here? Can't seem to find the answer here in other questions. Thanks!
<?php require 'connect.php'; ?>
<?php
if(isset($_POST['login'])){
    $emailaddress = $_POST['EmailAddress'];
    $password = $_POST['Password'];
    $result = $con->query("SELECT * FROM users WHERE EmailAddress='$emailaddress' AND Password='$password'");
    $row = $result->fetch_array(MSQLI_BOTH);
    session_start();
    $_SESSION["UserID"] = $row['UserID'];
    header('Location: account.php');
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="icon" href="favicon.ico" type="image/x-icon">
    <link rel="stylesheet" href="style/style.css">
</head>
<body>
<div class="container">
    <!-- LOGIN FORM -->
    <h3>Login here</h3>
    <form action="" method="post" name="loginform" id="loginform">
        <div class="form-group">
            <div>Email Address:</div>
            <input id="emailaddress" type="email" required="required" name="emailaddress" maxlength="88" class="form-control">
        </div>
        <div class="form-group">
            <div>Password:</div>
            <input id="password" type="password" name="password" class="form-control">
        </div>
        <input name="login" type="submit" class="button" value="login">
    </form>
</div>
</div>
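
A hardened version of the login handler above, given as an added example that is not part of the original question or the tutorial's code. It redirects only when a row matches and the password verifies, reads the `$_POST` keys exactly as the form names them (`emailaddress`, `password`), and uses a prepared statement instead of interpolating input into the SQL string. Assumptions: `connect.php` defines `$con` as a `mysqli` connection, and registration stores the output of `password_hash()` in the `Password` column.

```php
<?php
// Added example: hardened replacement for the PHP block at the top of the login page.
require 'connect.php';   // assumed to define $con (mysqli), as in the question

// Make mysqli failures throw instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
session_start();

$error = '';
if (isset($_POST['login'])) {
    // $_POST keys are case-sensitive and must match the form's name="" attributes.
    $email    = trim($_POST['emailaddress'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($email === '' || $password === '') {
        $error = 'Email address and password are required.';
    } else {
        // Prepared statement: user input never becomes part of the SQL text.
        $stmt = $con->prepare('SELECT UserID, Password FROM users WHERE EmailAddress = ?');
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();   // null when no row matches (needs mysqlnd)
        $stmt->close();

        // Assumption: the Password column holds a password_hash() value, not plaintext.
        if ($row !== null && password_verify($password, $row['Password'])) {
            session_regenerate_id(true);             // new session ID after login (session fixation)
            $_SESSION['UserID'] = $row['UserID'];
            header('Location: account.php');
            exit;                                    // stop here; do not fall through to the form
        }
        // Same message for unknown email and wrong password, so accounts cannot be enumerated.
        $error = 'Invalid email address or password.';
    }
}
?>
```

`account.php` should also call `session_start()` and send the visitor back to the login page when `$_SESSION['UserID']` is not set; otherwise the page can be opened directly without logging in.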