Secure Standard Login



PHP Code:

$username = $_POST['username'];
$password = $_POST['password'];

$query = sprintf("SELECT * FROM users WHERE username = '%s' AND password = '%s';",
                 mysqli_real_escape_string($connection, $username),
                 mysqli_real_escape_string($connection, $password));

$result = mysqli_query($connection, $query);

if ($result->num_rows > 0)
{
    echo "Authenticated as " . $username;

    // ...
    // $_SESSION['logged_user'] = $username;
    // ...
}
else
{
    echo "Wrong username/password combination.";
}