I am new in prepared statement and everytime i will login in correct input it gives me the last statement $_SESSION["message"] but why?
$user = $_POST["username"];
$pass = $_POST["password"];
$stmt = mysqli_prepare($conn, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($stmt, "ss", $user, $pass);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) > 0){
$row = mysqli_stmt_fetch($stmt);
if($row["user_type"]=="admin"){
$_SESSION["username"] = $user;
$_SESSION["user_type"] = $row["user_type"];
header("Location: adminpage.php");
}elseif($row["user_type"]=="secretary"){
$_SESSION["username"] = $user;
$_SESSION["user_type"] = $row["user_type"];
header("Location: dashboard.php");
}
}else{
$_SESSION["message"] = "Invalid username or password";
header("Location: index.php");
mysqli_stmt_close($stmt);
}
mysqli_close($conn);