The prepare statement returns an object, you can execute that object. Thus $query->execute() – the first parameter of execute can be an array. Alternatively, you can use the bindParam function first on that same $query object instead of passing an array though.
Anyways, here you are:
<?php
if(isset($_POST['username'], $_POST['password'])){
try{
$username="root";
$password = '';
$conn = new PDO("mysql:host=localhost;dbname=lr;", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = $conn->prepare("SELECT * FROM users WHERE username = :username AND password = :password");
$result = $query->execute(array(':username' => $_POST['username'], ':password' => $_POST['password']));
} catch(PDOException $e){
echo 'ERROR', $e->getMessage();
}
}
?>
Edit: also it’s really bad practice to let applications use your root database user. You should get in the habit of giving users specific database permissions in the long run. Say a user that only has full permissions to one database.
1
solved PDO login.php needs help finishing [closed]