15 1 0 4000 1 https://codeblock.co.za 300 true 0
Build a Basic Login System Using PHP and MySQLi

Build a Basic Login System Using PHP and MySQLi


Creating a login system in PHP involves several steps, including creating a database table to store user credentials, implementing the login form, validating user input, and handling authentication. Below is a simple example of how to create a basic login system using PHP and MySQLi:


  • A basic understanding of PHP.
  • A basic understanding of databases.

Create a MySQL Database Table to Store User Information

    username VARCHAR(50) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL

Create a PHP Script for the Login Form (login.php)

<!DOCTYPE html>
<html lang="en">
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <?php if(isset($registration_error)) { ?>
        <div><?php echo $registration_error; ?></div>
    <?php } ?>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
        <label for="username">Username:</label><br>
        <input type="text" id="username" name="username" required><br><br>
        <label for="password">Password:</label><br>
        <input type="password" id="password" name="password" required><br><br>
        <input type="submit" value="Register">

Create a PHP Script to Process the Login (login_process.php)


// Database connection parameters
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbname";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);

// Function to sanitize user inputs
function sanitize_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;

    // Sanitize and validate input data
    $username = sanitize_input($_POST["username"]);
    $password = sanitize_input($_POST["password"]);

    // Hash the password
    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    // Query to insert user details
    $sql = "INSERT INTO users (username, password) VALUES (?, ?)";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $username, $hashed_password);

    if ($stmt->execute()) {
        // Registration successful, redirect to login page
        header("Location: login.php");
    } else {
        // Registration failed
        $registration_error = "Registration failed. Please try again.";

// Close database connection

In the above example:

  • password_hash() is used to hash passwords before storing them in the database.
  • password_verify() is used to verify hashed passwords during login.
  • Session management is done using $_SESSION superglobal variables.
  • Input validation is performed using htmlspecialchars() to prevent XSS attacks and trim() to remove whitespace.
  • Prepared statements are used to prevent SQL injection attacks.

Make sure to replace "localhost", "username", "password", and "dbname" with your actual database connection details. Additionally, you may need to adjust the code according to your database schema.


This is a basic example of a login system in PHP. Always consider security best practices when developing a login system, such as password hashing and salting, session management, input validation, using prepared statements to prevent SQL injection attacks and using bcrypt or Argon2 for password hashing.

Is this still valid in 2024? Please let me know in the comments below.

Was This Helpful?

How to Speed Up WordPress Websites
Previous Post
How to Speed Up Your WordPress Website
Understanding DOM Manipulation A Beginner's Guide
Next Post
Understanding DOM Manipulation: A Beginner’s Guide


Leave a Reply