<?php // PHP code session_start(); //connected to db // required variab

1. <?php
2. // PHP code
3. session_start();
4.  
5. //connected to db
6.  
7. // required variables (make them explciit no need for foreach loop)
8. $teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
9. $teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
10. $loggedIn = false;
11.  
12. if (isset($_POST['submit'])) {
13.  
14. $teacherpassword = md5(md5("j3Jf92".$teacherpassword."D203djS"));
15.  
16. // don't use $mysqli->prepare here
17. $query = "SELECT * FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
18. // prepare query
19. $stmt=$mysqli->prepare($query);
20. // You only need to call bind_param once
21. $stmt->bind_param("ss",$teacherusername,$teacherpassword);
22. // execute query
23. $stmt->execute();
24. // get result and assign variables (prefix with db)
25. $stmt->bind_result($dbTeacherForename,$dbTeacherSurname,$dbTeacherUsername,$dbTeacherPassword);
26.  
27. while($stmt->fetch()) {
28. if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
29. $loggedIn = true;
30. }
31. }
32.  
33. if ($loggedIn == true){
34. // left your session code as is - but think wisely about using
35. $_SESSION['teacherforename'] = $dbTeacherForename;
36. $_SESSION['teachersurname'] = $dbTeacherSurname;
37. header( 'Location: menu.php' ) ;
38. die();
39. }
40.  
41. /* close statement */
42. $stmt->close();
43.  
44. /* close connection */
45. $mysqli->close();
46. }
47. ?>
48.  
49. SELECT TeacherForname, TeacherSurname, TeacherUsername, TeacherPassword FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1