Hi

I have built a sign up form which works perfect and a login form that works perfect but if I try to add the id number into the url using php, it makes the login form load the same page and not redirect to the profile page, below is the code I have on the login form processing page



<?php

ob_start();
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

$_SESSION['username'] = $username;

$conn = mysqli_connect('localhost', 'xxxx', 'xxxx', 'xxxx');

$id=$_GET['id'];

$username = mysqli_real_escape_string($conn, $username);
$query = "SELECT password, salt
FROM recruiters
WHERE username = '$username' AND id=$id;";

$result = mysqli_query($conn, $query);

if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.
{
header('Location: recruiter-login.php');
}

$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );

if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
{
header('Location: recruiter-login.php');
}else{ // Redirect to home page after successful login.
header('Location: recruiter-profile.php?id=$id');

}
?>


I put error reporting in and is not displaying any errors so is one good thing

If I take out AND id=$id from the sql query, the login works and logs me in

Hope someone can help

Thank you in advance

Ian

Have you tried it with apostrophes around the $id variable (so it looks like the username pairing)?
AND id = '$id'

Have you tried it with apostrophes around the $id variable (so it looks like the username pairing)?
AND id = '$id'

Hi Beverley, thank you for the reply, appreciate it

I have got it sussed now, sorry

Also is it possible to edit or delete this thread or my original post as realised it has my db info in

OK - sorted :)

OK - sorted :)

Thank you so much, really appreciate it