Quote
I have a 'users' file in the db which holds 4 fields
Id - auto-increment primary key
username - var - unique key
password - var
role - var
It's a table not a file (code is text, words matter).
And to facilitate finding PHP errors & bugs, put this at the top of each script ...
$debug = 1;
error_reporting(E_ALL);
ini_set( "display_errors", $debug );
... write an error handler func (in an include file) that writes error info to a log file, and include calls to the err handler in all statements that can fail, eg ...
$link = mysqli_connect(...) or my_err_handler( mysqli_connect_error() );
if( !mysqli_stmt_bind_param(...) )
my_err_handler( mysqli_error($link) );
When it's all production ready, change $debug=1 stmts to $debug=0.
> $sql = "SELECT * FROM `users` WHERE `username`= "$username" and `password`= "$password"";
1 Yikes, you're storing user passwords in raw text? Don't do it, not secure!
2 Re-read the manual page for mysqli_prepare(),
https://www.php.net/manual/en/mysqli.prepare.php.
Param placeholders are question marks.
That should get you unstuck.