This is my code for check login. It return query failed. I don't know which syntax is wrong. Any help ? Do I need to SELECT everything in my table only ? In my login page, there are only need username, password and role. But in my table there are other things to as stated at my $_SESSION below. Do I need to call back everything in my table or something ? Because my coding can't read the query. There is no syntax error but when I try to login, query failed appear.
<?php
session_start();
require 'database.php';
//to store validation errors
$errmsg_arr = array();
//validation error flag
$errflag = false;
//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
$str = @trim($str);
if (get_magic_quotes_gpc()){
$str = striplashes ($str);
}
return mysql_real_escape_string($str);
}
//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);
//input validations
if ($myusername = ''){
$errmsg_arr[] = 'Insert your username';
$errflag = true;
}
if ($mypassword = ''){
$errmsg_arr[]= 'Insert you password';
$errflag = true;
}
//if there are input validation, redirect back to home
if ($errflag){
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:index.php");
exit();
}
$qry = "SELECT user_id, username, name, password, role FROM student WHERE username = '$myusername', password = '".md5($_POST['password'])."' AND role = '$role' ";
$result = mysql_query($qry);
if ($result){
if (mysql_num_rows($result)== 1){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_NAME']= $student['name'];
$_SESSION['SESS_GENDER']= $student['gender'];
$_SESSION['SESS_MATRIC']= $student['matric'];
$_SESSION['SESS_COLLEGE']= $student['college'];
$_SESSION['SESS_FACULTY']= $student['faculty'];
$_SESSION['SESS_COURSE']= $student['course'];
$_SESSION['SESS_EMAIL']= $student['email'];
$_SESSION['SESS_PHONE']= $student['phone'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
}else {
die ("Query failed");
}
?>