使用php的数据库中的用户名和密码

Question

I am trying to check usernames and passwords with my database. However each time i attemp to login with my "admin" accounts using the password "12341" it won't give me the results I want.

login.php

<div align="center" position="fixed" >  
     <form action="login_process.php" method="post">  
        <input name="username" type="text" value="" size="9"><br>  
        <input name="pass" type="password" value="" size="9"><br>  
        <input type="submit" value="Log in">  
     </form>  
</div>

login_process.php

require_once('db_conn.php');



if (!isset($_POST['username']) || !isset($_POST['pass'])) {  
    echo 'U moet een gebruikersnaam en wachtwoord invoeren!';  
    exit;  
}

$sql = "SELECT `username`,`password` \n"
. "FROM `tryusers` \n"
. "WHERE `username` = \'Admin\'\n"
. "AND `password` = \'12341\'";
$sql = "SELECT `username`,`password` FROM `tryusers` WHERE `username` = " . $_POST['username'] . " AND password = " . $_POST['pass'] . "";
$results = $conn->query($sql);
    var_dump('postuser',$_POST['username'],'<br>');
    var_dump('postpass',$_POST['pass'],'<br>');
if(!$results){
    echo 'no results';
} else {
    echo $results;
}

db_conn.php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "trybase";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

Any help is appreciated.

Regards, Sem

Answer 1

You have to make quotes arround the variables:

$sql = "SELECT `username`,`password` FROM `tryusers` WHERE `username` = '" . $_POST['username'] . "' AND password = '" . $_POST['pass'] . "'";

Or better use prepared statements.

Answer 2

you forgotten ' when pasting data from the form. Btw check this because your code is dangerous.