I don't get why you have
$result->bindParam(':hjhjhjh', $user);
$result->bindParam(':asas', $password);
Why dud you have :hjhjhjh and :asas?
Wouldn't it just be the value of whatever is entered by the user for their username and password??
CREATE TABLE IF NOT EXISTS `users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(100) NOT NULL, `password` varchar(100) NOT NULL, ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
<?php ?> <?php echo '<ul style="padding:0; color:red;">'; foreach($_SESSION['ERRMSG_ARR'] as $msg) { echo '<li>',$msg,'</li>'; } echo '</ul>'; } ?> <form action="reg.php" method="POST"> Username<br> <input type="text" name="uname" /><br> Password<br> <input type="password" name="pword" /><br> <input type="submit" value="Login" /> </form>
<?php $errflag = false; // configuration $dbhost = "localhost"; $dbname = "pdo_ret"; $dbuser = "root"; $dbpass = ""; // database connection $conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass); // new data $user = $_POST['uname']; $password = $_POST['pword']; if($user == '') { $errmsg_arr[] = 'You must enter your Username'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'You must enter your Password'; $errflag = true; } // query $result = $conn->prepare("SELECT * FROM users WHERE username= :hjhjhjh AND password= :asas"); $result->bindParam(':hjhjhjh', $user); $result->bindParam(':asas', $password); $result->execute(); $rows = $result->fetch(PDO::FETCH_NUM); if($rows > 0) { } else{ $errmsg_arr[] = 'Username and Password are not found'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; } ?>
<div style="text-align:center;margin-top:50px;font-family:arial;font-size:20px;"> Congrats!<br> You've Benn Successfully Entered<br> In The<br> System<br> </div>