so I want to make a simple login and it works but when I use bind_param, it always shows 0 rows.
Here is the code:
session_start();
include("config.php");
$email = $_POST['email'];
$password = $_POST['password'];
if ($sql = $mysqli->prepare("SELECT email FROM user WHERE email='?' AND password LIKE SHA1('?')")) {
$sql->bind_param('ss',$email, $password);
$sql->execute();
$sql->store_result();
$num = $sql->num_rows;
$sql->close();
if($num>0){
echo "true";
}else{
echo "false";
}
}
I confirmed that I receive both email and password fields but the query only gets results when I manually enter them instead of "?" and removing bind_param.
I know that it is simple, but I can't figure out what's wrong.
Thanks in advance.
