I'm trying to make a login page using php, but when I use header() to redirect to another page, my user/pass check on my database somehow fails. Am I doing something wrong?
Also, I know I'm missing security guards, I'm implementing in steps since I'm still rather new to PHP. But some tips and suggestions would be appreciated!
$dbc = mysqli_connect('localhost', 'root', 'admin', 'wamad')
or die("Error connecting to MySQL server.");
$query = "SELECT * FROM $table WHERE username = '$username' and password = '$password';";
$result = mysqli_query($dbc, $query)
or die("Login error");
if(mysqli_num_rows($result) == 1){
header("Location:login_success.php");
}else{
echo "Wrong username or password.";
}
echo mysqli_num_rows($result);
mysqli_close($dbc);