Untitled

<?php

    /*
      This login.php script was inspired by https://www.w3schools.com/php/php_mysql_connect.asp
    */

    //Define and initialize variables to connect to database server
    $servername = "localhost";
    $username = "id1148117_xirokx";
    $password = "project";
    $dbName = "id1148117_login";

    //Create database connection
    $con = mysqli_connect($servername, $username, $password, $dbName);

    //check connection - If database connection unsuccessful display error = connection failed
    if ($con->connect_error) {
        die("Connection failed: " . $con->connect_error);
    }

    //check username and password form values are not empty and send (POST) them to database server to verify they exist.
    if(isset($_POST["username"]) && isset($_POST["password"])) {
        $username = $_POST["username"];
        $password = $_POST["password"];

        //using a prepared sql statement to minimise the risk of SQL injection attack
        //a prepared SQL "SELECT" query template is used to be executed on my database table
        //this query is executed on the "user" table and requests all the users details which match the
        //the username and password provided by the user in the android application.
        $statement = mysqli_prepare($con, "SELECT user_id,name,username,age,password FROM user WHERE username = ? AND password = ?");

        //attaches ("bind's") my form variables to my SQL query
        //"ss" defines the data types for both my variables - username and password are both Strings hence "ss"
        mysqli_stmt_bind_param($statement, "ss", $username, $password);

        //runs the SQL query on my database table
        mysqli_stmt_execute($statement);

        //stores the result of my prepared SQL query to a variable
        mysqli_stmt_store_result($statement);

        //defines each variable to attach the returned result of my prepared SQL SELECT query
        mysqli_stmt_bind_result($statement, $user_id, $name, $username, $age, $password);

        //creates an array to store results of the prepared SQL query
        $response = array();

        //initialises the value of "success" variable to false
        $response["success"] = false;

        //the SELECT SQL query above returns the values from the database table for that user and stores them in pre-defined variables
        //a while loop is used here to iterate through the returned result set of my above prepared SELECT SQL query
        //these returned values are stored in my array, called "response" and then sent back to my android application to use as required.
        while(mysqli_stmt_fetch($statement)){
            //return true because the SQL query successfully returned data
            $response["success"] = true;
            //the user id returned from the SQL query
            $response["user_id"] = $user_id;
            //the name returned from the SQL query
            $response["name"] = $name;
            //the username returned from the SQL query
            $response["username"] = $username;
            //the age returned from the SQL query
            $response["age"] = $age;
            //the password returned from the SQL query
            $response["password"] = $password;
        }

        //translates Php response into JSON Object so my mobile application can work
        //with the returned String and continue with processing.
        echo json_encode($response);

    }
    //if user did not provide values on my login form then return this error
    else {
        echo json_encode ("user input error: the user failed to provide a username and password,
                           please provide these details and retry logging into account");
    }

    //Close database connection to service further db requests and avoid application from slowing down
    $conn->close();
?>