ERROR 404 while accessing html/php file on localhost with xampp

Question

I am trying to access my html website on localhost with xampp. The php file is stored in htdocs long with the html file. However i still seem to be getting this error. My database name is check and table name is loginform.

<?php
$host="localhost";
$user="root";
$password="";
$dbname="check";

//create connection
$conn=mysqli_connect('$host', '$user', '$password', '$dbname');

//check connection
if (mysqli_connect_errno()) {
    die('could not connect:'.mysqli_connect_error());

    # code...
}
//accept values
if (isset($_POST['username'])) {

    $uname=$_POST['username'];
    $password=$_POST['password'];

    $sql="select * from loginform where $uname='".$user."' AND $password='".$pass."' limit 1";

    $result=mysqli_query($sql);
//check query
    if (mysqli_num_rows($result)==1) {

        echo "You have Successfully logged in";
        exit();

    }
    else{
        echo "Invalid credentials";
        exit();
    }
    mysqli_close($conn);

}

Answer 1

i cannot access your pc to figure out where the current location but i will talk about your code your login form is vuln [ sql injection ] you should use mysqli_real_escape_string(); or use php pdo more secure ( use bindParam )

for ex:

# mysql connection
$con = new PDO("mysql:host=localhost;dbname=database", 'username', 'password', array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));

$user = $_POST['username'];
$pass = $_POST['password'];

# login
$query = "SELECT * FROM `tableUsers` WHERE `username`=? AND `password`=?";
$run = $con->prepare($query);
$run->bindParam(1, $user, PDO::PARAM_STR);
$run->bindParam(2, $pass, PDO::PARAM_STR);
$run->execute();
$count = $run->RowCount();
if($count > 0) { // or if ($count === 1)
   // login complete the $_SESSION
} else {
   // wrong password
}

this code prevent SQLi but still XSS