How to Create a Simple Login with Validation PHP/MySQLi

Submitted by: 
Visitors have accessed this post 7967 times.

In this tutorial will show you how to create a simple login with user input validation using PHP/MySQLi. This tutorial does not include a good design but will give you an idea on how to create a simple Login using PHP/MySQLi.

Creating our Database

First, we're going to create a database that contains the user data.
1. Open phpMyAdmin.
2. Click databases, create a database and name it as "login".
3. After creating a database, click the SQL and paste the below code. See image below for detailed instruction.

  1. CREATE TABLE `user` (
  2. `userid` INT(11) NOT NULL AUTO_INCREMENT,
  3. `username` VARCHAR(30) NOT NULL,
  4. `password` VARCHAR(30) NOT NULL,
  5. `fullname` VARCHAR(60) NOT NULL,
  6. PRIMARY KEY (`userid`)


Inserting Data into our Database

Next, we insert a data into our database to check whether a user is found in our database.
1. Click our database "login".
2. Click SQL and paste the below code.

  1. INSERT INTO `user` (`username`, `password`, `fullname`) VALUES
  2. ('user', 'user', 'hello world');

Creating our Connection

Next step is to create a database connection and save it as "conn.php". This file will serve as our bridge between our form and our database. To create the file, open your HTML code editor and paste the code below after the tag.

  1. <?php
  2. $conn = mysqli_connect("localhost","root","","login");
  4. // Check connection
  5. {
  6. echo "Failed to connect to MySQL: " . mysqli_connect_error();
  7. }
  8. ?>

Creating our Login Form and Login Script

Lastly, we create our Login Form with the login script and save it as "index.php". In this form, the inputted data of the user will be checked if it is found in the database that we created earlier. To create the form, open your HTML code editor and paste the code below after the tag.

  1. <!DOCTYPE html>
  2. <title>Login with Validation PHP, MySQLi</title>
  3. .message {color: #FF0000;}
  4. </head>
  6. <?php
  7. // define variables and set to empty values
  8. $Message = $ErrorUname = $ErrorPass = "";
  10. if ($_SERVER["REQUEST_METHOD"] == "POST") {
  12. $username = check_input($_POST["username"]);
  14. if (!preg_match("/^[a-zA-Z0-9_]*$/",$username)) {
  15. $ErrorUname = "Space and special characters not allowed but you can use underscore(_).";
  16. }
  17. else{
  18. $fusername=$username;
  19. }
  21. $fpassword = check_input($_POST["password"]);
  23. if ($ErrorUname!=""){
  24. $Message = "Login failed! Errors found";
  25. }
  26. else{
  27. include('conn.php');
  29. $query=mysqli_query($conn,"select * from `user` where username='$fusername' && password='$fpassword'");
  30. $num_rows=mysqli_num_rows($query);
  31. $row=mysqli_fetch_array($query);
  33. if ($num_rows>0){
  34. $Message = "Login Successful!";
  35. }
  36. else{
  37. $Message = "Login Failed! User not found";
  38. }
  40. }
  41. }
  43. function check_input($data) {
  44. $data = trim($data);
  45. $data = stripslashes($data);
  46. $data = htmlspecialchars($data);
  47. return $data;
  48. }
  49. ?>
  51. <h2>Login Form</h2>
  52. <p><span class="message">* required field.</span></p>
  53. <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
  54. Username: <input type="text" name="username" required>
  55. <span class="message">* <?php echo $ErrorUname;?></span>
  56. <br><br>
  57. Password: <input type="password" name="password" required>
  58. <span class="message">* <?php echo $ErrorPass;?></span>
  59. <br><br>
  60. <input type="submit" name="submit">
  61. <br><br>
  62. </form>
  64. <span class="message">
  65. <?php
  66. if ($Message=="Login Successful!"){
  67. echo $Message;
  68. echo 'Welcome, '.$row['fullname'];
  69. }
  70. else{
  71. echo $Message;
  72. }
  74. ?>
  75. </span>
  77. </body>
  78. </html>

Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.

Virus note: All files are scanned once-a-day by for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.


1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You may insert videos with [video:URL]
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <th> <img> <h1> <h2> <h3> <iframe> [video]
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <asp>, <c>, <cpp>, <csharp>, <css>, <html4strict>, <java>, <javascript>, <mysql>, <php>, <python>, <sql>, <vb>, <vbnet>. The supported tag styles are: <foo>, [foo].
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.