When I try to log in with the entered password, it does not redirect to another page, although the password is correct. And when you try to log in without a password, it redirects.

What could be the problem?

Code example:

if (empty($errors)) { $userQuery = "SELECT * FROM admins" ; $userResult = mysqli_query($connection, $userQuery); while($userRow = mysqli_fetch_assoc($userResult)) { if($userRow["username"] == $_POST["username"] && $userRow["password"] == $_POST["password"]) { $_SESSION["username"] = $_POST["username"]; redirect_to("../public/library.php"); //это Функция } } }
  • You did not have one closing bracket. That you did not copy the code or you really do not have it? - torokhkun
  • Everything is in the project - pavel
  • @pavel I note that MySQL can do much more than select * from the entire table. you can write select * from admins where username='pavel' and he will select the right entry and you don’t need to cycle through the entire table - Mike
  • @pavel It is also worth bringing a piece of code that normally redirects to see the differences. And most importantly, do you have anywhere on the current page in the code up to the specified piece of password checking? because redirect after the output of at least one character is impossible. - Mike
  • No, I do not print it all up to DOCTYPE html - pavel

1 answer 1

Try this:

 if (empty($errors)) { $userQuery = "SELECT * FROM admins WHERE username = '" . mysql_real_escape_string($_POST["username"]) . "' AND password = '" . mysql_real_escape_string($_POST["password "]) . "'"; $userResult = mysqli_query($connection, $userQuery); if( mysqli_num_rows($userResult) ) { $_SESSION["username"] = $_POST["username"]; redirect_to("../public/library.php"); } }