function login($email, $password, $mysqli) {// Using prepared statements means

1. function login($email, $password, $mysqli) {
2. // Using prepared statements means that SQL injection is not possible.
3. if ($stmt = $mysqli->prepare("SELECT id, username, password
4. FROM members
5. WHERE email = ?
6. LIMIT 1")) {
7. $stmt->bind_param('s', $email); // Bind "$email" to parameter.
8. $stmt->execute(); // Execute the prepared query.
9. $stmt->store_result();
10.  
11. // get variables from result.
12. $stmt->bind_result($user_id, $username, $db_password);
13. $stmt->fetch();
14.  
15. $stmt->bind_param('s', $email); // Bind "$email" to parameter.
16. $stmt->execute(); // Execute the prepared query.
17. $stmt->store_result();
18.  
19. function login($email, $password, $query) {
20. // Using prepared statements means that SQL injection is not possible.
21. if ($query = "SELECT id, username, password
22. FROM members
23. WHERE email = ?
24. LIMIT 1";
25.  
26. $results = pg_query($query);
27. if (!$results) {
28. echo "Problem with query " . $query . "<br/>";
29. echo pg_last_error();
30. exit();
31. }
32.  
33. $user_id = $myrow[user_id];
34. $username = $myrow[username];
35. $db_password = $myrow[db_password];