How to fetch data from two different tables in sql with single login form

Irfan Khan Source

I made two tables in SQL. first is login table and second is registration table. In login table I inserted a row of user admin and password admin, it works when I am logging in. But now I want to login from registration table. I means if an already registered user want to login how he can did it???

Following is my code, please help me. when I trying to login as registered user it show me the error "invalid username or password":

<?php 
include('../dbcon.php');  //Database connection included
if (isset($_POST['login'])) {

    $username = $_POST['uname'];       //data of login table in sql
    $password = $_POST['password'];
    $qry = "SELECT * FROM `login` WHERE `uname`='$username' AND `password`='$password' ";
    $run = mysqli_query($dbcon,$qry);
    $row = mysqli_num_rows($run);
    if ($row<1) 
    {
        echo "invalid usernaem or password";
    }
    else
    {

        $data = mysqli_fetch_assoc($run);
        $id  = $data['id'];
        echo "Your Id is " .$id;
    }
}
else
{
    if (isset($_POST['login'])) {       //for the  data of registraion table in sql
        $username = $_POST['uname'];
        $password = $_POST['password'];
        $qry = "SELECT * FROM `registration` WHERE `uname`= '$username' OR `email`='$email' AND `password` = '$password' ";
        $run = mysqli_query($dbcon,$qry);
        $row = mysqli_num_rows($run);
        if ($row<1) 
        {
            echo "password is incorrect";
        }
        else
        {
            $data = mysqli_fetch_assoc($run);
            $id  = $data['id'];
            echo "Your Id is " .$id;
        }

    }
}

?>
phpsqlloginphpmyadmin

Answers

answered 4 months ago Barmar #1

You need to query the registration table when the login query doesn't find anything.

<?php 
include('../dbcon.php');  //Database connection included
if (isset($_POST['login'])) {

    $username = $_POST['uname'];       //data of login table in sql
    $password = $_POST['password'];
    $qry = "SELECT * FROM `login` WHERE `uname`='$username' AND `password`='$password' ";
    $run = mysqli_query($dbcon,$qry);
    $row = mysqli_num_rows($run);
    if ($row<1) 
    {
        // not an admin, check registration table
        $email = $_POST['email'];
        $qry = "SELECT * FROM `registration` WHERE (`uname`= '$username' OR `email`='$email') AND `password` = '$password' ";
        $run = mysqli_query($dbcon,$qry);
        $row = mysqli_num_rows($run);
        if ($row<1) 
        {
            echo "password is incorrect";
        }
        else
        {
            $data = mysqli_fetch_assoc($run);
            $id  = $data['id'];
            echo "Your Id is " .$id;
        }
    }
    else
    {
        $data = mysqli_fetch_assoc($run);
        $id  = $data['id'];
        echo "Your Id is " .$id;
    }
}
?>

You should also learn to use prepared statements instead of substituting variables into SQL, to protect against SQL-injection. See How can I prevent SQL injection in PHP?. And you should use password_hash() and password_verify() instead of storing plaintext passwords in the database.

comments powered by Disqus