
Untitled

a guest
Apr 1st, 2016
  <!--
    Login form. Posts pat_username and pat_password to userlogin.php; the
    submit button is named "submit", which is the field the handler tests for.
    click_button_login() is not defined in this listing.
  -->
  <form id="form1" name="form1" method="POST" action="userlogin.php">
    <div id="main_body" class="full-width">
      <label>Username:</label>
      <input type="text" id="usernameLogin" name="pat_username">
      <label>Password:</label>
      <input type="password" id="passwordLogin" name="pat_password">
      <input type="submit" id="submit" name="submit" value="Login" onclick="click_button_login()"/>
    </div>
  </form>
  14.  
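  <?php
  /**
   * Login handler for the form that posts to userlogin.php.
   *
   * Runs only when the "submit" field is present in the POST body. It looks
   * for a row in `tablename` whose patient_username / patient_password match
   * the submitted values, then redirects to mainmenu.html on a match and to
   * index.html otherwise.
   *
   * NOTE(review): header() can only redirect if nothing has been sent to the
   * client earlier in the request, so this block has to run before any HTML
   * is emitted.
   */
  if (isset($_POST["submit"])) {
      // Both credentials must be present and be plain strings; array-shaped
      // values (pat_username[]=...) are rejected before reaching the database.
      $postedUsername = isset($_POST['pat_username']) ? $_POST['pat_username'] : null;
      $postedPassword = isset($_POST['pat_password']) ? $_POST['pat_password'] : null;
      if (!is_string($postedUsername) || !is_string($postedPassword)) {
          header("Location: index.html");
          exit;
      }

      // NOTE(review): these are the paste's sample credentials (root, empty
      // password). A deployed application should connect with a dedicated,
      // least-privilege account whose secret is kept outside the source file.
      $servername = "localhost";
      $username = "root";
      $password = "";
      $dbname = "dbname";

      // Create connection
      $conn = new mysqli($servername, $username, $password, $dbname);

      // Check connection. The driver's message goes to the server log only,
      // so connection details are not disclosed to the client.
      if ($conn->connect_error) {
          error_log("Connection failed: " . $conn->connect_error);
          die("Connection failed.");
      }

      // Bound parameters keep user input out of the SQL text entirely.
      // NOTE(review): matching the submitted password inside the query implies
      // the column holds the password itself. Storing password_hash() output
      // and checking it with password_verify() is the safer design, but it
      // needs a data migration and is therefore not changed here.
      $matched = false;
      $stmt = $conn->prepare(
          "SELECT 1 FROM tablename WHERE patient_username = ? AND patient_password = ?"
      );
      if ($stmt !== false) {
          $stmt->bind_param("ss", $postedUsername, $postedPassword);
          if ($stmt->execute()) {
              $stmt->store_result();
              $matched = $stmt->num_rows > 0;
          }
          $stmt->close();
      } else {
          error_log("Login query could not be prepared: " . $conn->error);
      }
      $conn->close();

      // NOTE(review): no session state is recorded on success and the target
      // is a static page, so unless mainmenu.html is protected elsewhere the
      // redirect alone does not restrict access to it.
      header($matched ? "Location: mainmenu.html" : "Location: index.html");
      // Stop here so nothing else runs or is emitted after the redirect.
      exit;
  }
  ?>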
  49.  
  50. if(isset($_POST["submit"]))
  51.  
  52. if ((isset($_POST["pat_username"]))&&(isset($_POST["pat_password"])))
  53.  
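  54. You should also work on your form's security and on eliminating automatic submission. The version below eliminates automatic submission because the form carries session_id(), which is unique to each web browsing session. Note that session_id() is only non-empty once session_start() has run, and that a separate random token kept in $_SESSION would avoid placing the session identifier in the page.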
  55.  
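  <?php
  /*
   * Login form. Posts pat_username and pat_password to userlogin.php; the
   * submit button carries the current session_id() as "login_check".
   *
   * NOTE(review): session_id() is an empty string unless a session has been
   * started earlier in the request (not visible in this block). Writing the
   * session identifier into the page also exposes it to anything that can
   * read the HTML; a separate random token stored in $_SESSION is the
   * preferred form token. The value is HTML-escaped before it is echoed into
   * the attribute.
   */
  ?>
  <form id="form1" name="form1" method="POST" action="userlogin.php">
    <div id="main_body" class="full-width">
      <br>
      <br>
      <label>Username:</label>
      <input type="text" id="usernameLogin" name="pat_username"> <br>

      <br> <label>Password:</label>
      <input type="password" id="passwordLogin" name="pat_password"> <br><button value="<?php echo htmlspecialchars((string) session_id(), ENT_QUOTES, 'UTF-8'); ?>" type="submit" name="login_check">Login</button>

    </div>
  </form>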
  72.  
  73. ## SPRINTF EXAMPLE CODE (uses the legacy mysql_* API, which was removed in PHP 7)
  74. //$query = sprintf('SELECT * FROM TABLE WHERE username = "%s" AND password = "%s"',mysql_real_escape_string($username),mysql_real_escape_string($password));
  75.  
  76. #### EXAMPLE END HERE##
  77.  
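  <?php
  /**
   * Login handler for the form whose submit button carries session_id() as
   * the "login_check" field.
   *
   * Proceeds only when the posted login_check value equals the current
   * session ID. It then looks for a row in `tablename` whose
   * patient_username / patient_password match the submitted values and
   * redirects to mainmenu.html on a match, or to index.html otherwise.
   *
   * NOTE(review): session_id() returns an empty string when no session is
   * active, so session_start() must already have run in this request (not
   * visible in this block). Using the session ID itself as the form token
   * places it in the page HTML; a separate random token stored in $_SESSION
   * is the preferred design.
   *
   * NOTE(review): header() can only redirect if nothing has been sent to the
   * client earlier in the request.
   */
  $postedToken = isset($_POST["login_check"]) ? $_POST["login_check"] : null;
  $sessionToken = session_id();

  // Require a non-empty session ID and compare as strings in constant time.
  // A loose == would treat an absent session ("" == "") as a valid token and
  // applies numeric-string juggling to the two values.
  if (
      is_string($postedToken)
      && is_string($sessionToken)
      && $sessionToken !== ''
      && hash_equals($sessionToken, $postedToken)
  ) {
      // Both credentials must be present and be plain strings; array-shaped
      // values (pat_username[]=...) are rejected before reaching the database.
      $postedUsername = isset($_POST['pat_username']) ? $_POST['pat_username'] : null;
      $postedPassword = isset($_POST['pat_password']) ? $_POST['pat_password'] : null;
      if (!is_string($postedUsername) || !is_string($postedPassword)) {
          header("Location: index.html");
          exit;
      }

      // NOTE(review): these are the paste's sample credentials (root, empty
      // password). A deployed application should connect with a dedicated,
      // least-privilege account whose secret is kept outside the source file.
      $servername = "localhost";
      $username = "root";
      $password = "";
      $dbname = "dbname";

      // Create connection
      $conn = new mysqli($servername, $username, $password, $dbname);

      // Check connection. The driver's message goes to the server log only,
      // so connection details are not disclosed to the client.
      if ($conn->connect_error) {
          error_log("Connection failed: " . $conn->connect_error);
          die("Connection failed.");
      }

      // Bound parameters keep user input out of the SQL text entirely.
      // NOTE(review): matching the submitted password inside the query implies
      // the column holds the password itself. Storing password_hash() output
      // and checking it with password_verify() is the safer design, but it
      // needs a data migration and is therefore not changed here.
      $matched = false;
      $stmt = $conn->prepare(
          "SELECT 1 FROM tablename WHERE patient_username = ? AND patient_password = ?"
      );
      if ($stmt !== false) {
          $stmt->bind_param("ss", $postedUsername, $postedPassword);
          if ($stmt->execute()) {
              $stmt->store_result();
              $matched = $stmt->num_rows > 0;
          }
          $stmt->close();
      } else {
          error_log("Login query could not be prepared: " . $conn->error);
      }
      $conn->close();

      // NOTE(review): no session state is recorded on success and the target
      // is a static page, so unless mainmenu.html is protected elsewhere the
      // redirect alone does not restrict access to it.
      header($matched ? "Location: mainmenu.html" : "Location: index.html");
      // Stop here so nothing else runs or is emitted after the redirect.
      exit;
  }
  ?>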