<?php
ob_start();
include 'connection.php';
$username = $_POST['username'];
$password = $_POST['password'];
$user_id = $_POST ['user_id'];
$query = "SELECT * FROM Register WHERE username= '$username' AND Password = '$password' AND user_id= '$user_id' ";
$result = mysqli_query($connection, $query) or exit("Error in the query: $query. " . mysqli_error());
$row = mysqli_fetch_assoc($result);
if ($row ) {
$_SESSION['username'] = $username;
echo '' . $username . '';
&& ($row ) {
$_SESSION['user_id'] = 1;
header('Location: AdminPage.php');
}
else if ($row ) {
$_SESSION['username'] = $username;
echo '' . $username . '';``
header('location:Login.php');
&& ($row ) {
$_SESSION['user_id'] = > 1;
header('Location: ProtectedPage.php');
}
else {
$_SESSION['error'] = 'User not recognised';
echo 'user not recognised';
header('location:Login.php');
}
im trying to make my php understand that if the user_id equals 1 then your an admin but i keep getting loads of errors and i know im vulnerable to SQL injection it isn't for live internet website which is why its vulnerable