I am trying to create a login page using php and sql server, but its not working. It looks like the $row_count
is 0
, because I’m getting the error message on the url.
I run the query on MS SQL Management Studio and it worked.
Here is my code:
include_once('connection.php');
if(isset($_POST['hidden_login'])) {
$username = str_replace("'", "''", $_POST['username']);
$password = $_POST['password'];
$sql = "select
[login_id],
username,
[password]
from [login_authentication]
where username = '$username' and password = '$password'";
$stmt = sqlsrv_query( $conn, $sql, array(), array( "Scrollable" => 'static' ));
$row_count = sqlsrv_num_rows( $stmt );
if( $stmt === false ) { die( print_r( sqlsrv_errors(), true));}
if($row_count == 0) {
header("location: index.php?msg=Incorrect username or password&key=danger");
exit;
} else {
#creates sessions
while($row = sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC)){
$_SESSION['login_id'] = $row['login_id'];
}
#redirects user
header("Location: portal.php");
}
}
sqlsrv_close( $conn );