<?php include 'db_connection.php'; session_start(); if(isset($_POST['lo

1. <?php include 'db_connection.php';
2. session_start();
3. if(isset($_POST['login'])){
4. if(!empty($_POST['username']) && !empty($_POST['password']){
5. $get_username=mysqli_real_escape_string($conn,$_POST['username'];
6. $get_password=mysqli_escape_string($conn,$_POST['password'];
7. $sql = "SELECT * FROM EMPLOYEES WHERE EMP_USERNAME = '$get_username' AND EMP_PASSWORD = '$get_password'");
8. if($result = mysqli_query($conn,$sql)){
9. if(mysqli_num_rows($result) == 1{
10. $_SESSION['username'] = $get_username;
11. $_SESSION['password'] = $get_password;
12. header("Location:../index.php");
13. }else{
14. header("Location:../index.php?login=wrong");
15. }
16. }else{
17. header("Location:../index.php?login_error=query_error");
18. }
19. }else{
20. header("Location:../index.php?login_error=login_empty");
21. }
22. }
23.  
24. <?php
25. $servername = "localhost";
26. $username = "root";
27. $password= "";
28. $dbname = users;
29.  
30. $conn = new mysqli($servername, $username,$password,$dbname);
31. if($conn->connect_error){
32. die("connection failed: ".$conn->connect_error);
33. }
34. ?>