HTML
<form type="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
PHP
<?php
require_once 'config.php';
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
I tried switching from MySQL to MySQLi and I'm sure it's related to this. My form is not passing values to the PHP script even if the inputs have a name. Did some research here on StackOverflow and found many questions about forms not passing data but there was usually a typo or a missing name, which is not my case (I think).
(I know that the password is not secured yet, I'll add a SHA256 or something there soon so don't stress about it)
Tried echoing the query and it's just blank where the password and email address should be.
SELECT * FROM `users` WHERE password = '' AND email = ''
I also get this warning:
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\breloc\includes\login.php on line 4
Line 4 in my script is:
$email = mysqli_real_escape_string($_POST['password']);
