<?php //Define and initialize variables to connect to database server $se

1. <?php
2.     //Define and initialize variables to connect to database server
3.     $servername = "localhost";
4.     $username = "id1148117_xirokx";
5.     $password = "project";
6.     $dbName = "id1148117_login";
7.    
8.     //Create database connection
9.     $con = mysqli_connect($servername, $username, $password, $dbName);
10.    
11.     //check connection - If database connection unsuccessful display error = connection failed
12.     if ($con->connect_error) {
13.         die("Connection failed: " . $con->connect_error);
14.     }
15.        
16.     //check username and password form values are not empty and send (POST) them to database server to verify they exist.
17.     if(isset($_POST["username"]) && isset($_POST["password"])) {
18.         $username = $_POST["username"];
19.         $password = $_POST["password"];
20.    
21.         //using a prepared sql statement to minimise the risk of SQL injection attack AND
22.         //to create a SQL "SELECT" query template that can be executed on my database table
23.         $statement = mysqli_prepare($con, "SELECT user_id,name,username,age,password FROM user WHERE username = ? AND password = ?");
24.    
25.         //attaches ("bind's") my form variables to my SQL query
26.         //"ss" defines the data types for both my variables - username and password are both Strings hence "ss"
27.         mysqli_stmt_bind_param($statement, "ss", $username, $password);
28.  
29.         //runs the SQL query in my database table
30.         mysqli_stmt_execute($statement);
31.    
32.         //stores the result of my prepared SQL query to a variable
33.         mysqli_stmt_store_result($statement);
34.        
35.         //defines each variable to attach the returned result of my prepared SQL SELECT query
36.         mysqli_stmt_bind_result($statement, $user_id, $name, $username, $age, $password);
37.    
38.         //returns "true" if my prepared SQL statement successfully returned data
39.         $response = array();
40.         $response["success"] = true;  
41.    
42.         //iterates using a while loop through the returned results of my prepared SQL statement SELECT query
43.         //and stores these results in my corresponding pre-defined variables
44.         while(mysqli_stmt_fetch($statement)){
45.             $response["success"] = true;  
46.             $response["name"] = $name;
47.             $response["name"] = $name;
48.             $response["username"] = $username;
49.             $response["age"] = $age;
50.             $response["password"] = $password;
51.         }
52.    
53.         //translates Php response into JSON Object so my mobile application can work with the returned String and continue processing.
54.         echo json_encode($response);
55.        
56.         //Close database connection to service further db requests and avoid application from slowing down
57.         $conn->close();
58.     }
59.     //if user did not provide values on my login form then return this error
60.     else {
61.         echo "check ip address, internet connection, else";
62.     }
63. ?>