if(isset($_POST['user_login']) && isset($_POST['password_login'])){ $user_logi

1. if(isset($_POST['user_login']) && isset($_POST['password_login'])){
2. $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['user_login']);
3. $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password_login']);
4. $password_login_md5 = md5($password_login);
5.  
6. $sql = $databaseConnection->prepare('SELECT id,username,password, FROM users WHERE username = :user_login, password = ":password_login_md5"');
7. $sql->bindParam(':user_login', $user_login);
8. $sql->bindParam(':password_login_md5', $password_login_md5);
9. $sql->execute();
10. $userCount = $sql->rowCount();
11.  
12. foreach($userCount as $row){
13.  
14. if($row > 0){
15. $id = $row['id'];
16. }
17. $_SESSION["user_login"] = $user_login;
18. header("Location: index.php");
19. exit();
20. }else{
21. echo "That information is incorrect, try again";
22. }
23. }
24. ?>