Creating a login page in PHP and MySQL is a fundamental skill for any web developer. Whether you’re building a simple personal website or a complex web application, implementing user authentication is crucial for protecting sensitive information and managing user access. In this article, I will guide you through the process of creating a login page in PHP and MySQL, sharing my personal insights and tips along the way.
Prerequisites
Before we dive into the code, let’s make sure we have the necessary tools and knowledge in place.
- Basic understanding of HTML and CSS
- PHP installed on your local machine or web server
- MySQL database server configured and running
- A text editor or integrated development environment (IDE) to write your PHP code
Setting Up the Database
The first step in creating a login page is to set up the database that will store user information. We’ll create a table called users with the following columns:
CREATE TABLE users (
id INT(11) AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL
);
Make sure to replace the database credentials with your own in the PHP code snippets.
Creating the Login Form
Now, let’s create the HTML form that will allow users to enter their login credentials. Here’s a basic structure:
<form method="POST" action="login.php">
<label for="username">Username:</label>
<input type="text" name="username" required>
<label for="password">Password:</label>
<input type="password" name="password" required>
<input type="submit" value="Log In">
</form>
It’s important to note that the form method is set to POST and the action attribute points to a PHP file called login.php. We’ll create this file in the next step.
Validating the Login Credentials
In the login.php file, we’ll handle the form submission and validate the user’s login credentials against the data stored in the database. Here’s an example:
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
// Connect to the database
$conn = mysqli_connect('localhost', 'username', 'password', 'database');
// Perform a query to check if the user exists
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($conn, $query);
// If the query returned a row, the login was successful
if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
echo "Login successful! Welcome, $username!";
} else {
echo "Invalid login credentials.";
}
// Close the database connection
mysqli_close($conn);
?>
After validating the login credentials, we store the user’s username in a session variable for future use. In this example, we simply echo a success message if the login is successful or an error message if the credentials are invalid.
Protecting Against SQL Injection
It’s crucial to secure our login system against SQL injection attacks, which can be done by using prepared statements or parameterized queries. Here’s an example:
<?php
$stmt = $conn->prepare("SELECT * FROM users WHERE username=? AND password=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
// Login successful
} else {
// Invalid login credentials
}
?>
By using prepared statements, we ensure that user input is treated as data rather than executable code, preventing potential SQL injection attacks.
Conclusion
Creating a login page in PHP and MySQL is an essential skill for web developers. In this article, we explored the process of setting up the database, creating the login form, validating the login credentials, and protecting against SQL injection. Remember to always prioritize security and user experience when implementing user authentication.
Now that you have a solid foundation, feel free to explore additional features such as password hashing, password recovery, and user registration. Happy coding!