<?phpinclude 'connection.php';$username = mysqli_real_escape_string($conn,

1. <?php
2. include 'connection.php';
3.  
4. $username = mysqli_real_escape_string($conn, $_POST[’username’]);
5. $password = mysqli_real_escape_string($conn, $_POST['password']);
6.  
7. //Query för att kolla om så att personen skriver in rätt epost och lösenord
8. $sql = "SELECT * FROM user WHERE (epost = '$username’ OR personnummer = ’$username) AND password = '$passwordcheck'";
9. $resultat = mysqli_query($conn, $sql) or die("Bad SQL: $sql" );
10.  
11.  
12. if(mysqli_num_rows($resultat) > 0){
13. echo "Success";
14. SESSION_START();
15. $_SESSION['inlogged'] = true;
16. $_SESSION[’username’] = $username;
17. header('Location: index.php');
18. exit();
19.  
20. }else {
21. echo "Fail";
22. }
23.  
24. ?>