I have a PHP script using PDO where I check a user's submitted email/password against a database. If the query returns a row, it takes the user to a success page, or if the credentials are incorrect and no row is returned, they are taken to a failed login page.
I feel like the comparison I'm using in my if to determine which page the user gets sent to is incorrect.
    $sql = "SELECT email, password FROM user WHERE email= $email AND password = $password";
    $stm = $db->prepare($sql);
    $stm->execute();
    $result = $stm->fetchColumn();
    if ($result !== FALSE) {
        header('Location: ./success.html');
    }
    else {
        header('Location: ./failed.html');
    }