user login script runs using mysqli prepared statement works alright but does not redirect

Question

if (isset($_POST['submit'])) {
      # code...
      $umail = $_POST['userMail'];
      $upassword = $_POST['userPassword'];

      $query = "SELECT * FROM users WHERE EMAIL = ? AND PASSWORD = ? ";
      //prepare the statement
      $stmt = $db->prepare($query);

      //bind the parameters
      $stmt->bind_param("ss",$userMail, $userPassword);

      $userMail = $umail;
      $userPassword = $upassword;


      //execute the query
      $stmt->execute();

      //get the query result
      $result = $stmt->get_result();

      $rowCount = $result->num_rows;

      if ($rowCount > 0) {
        # code...

        $_SESSION['id'] = $row['id'];
        $_SESSION['email'] = $row['email'];

        header("Location: successful.php");
      }else{
        $errorMsg = '<div class="alert alert-danger" role="alert">
              <strong>Unsuccessful Login.</strong>Please check your credentials and try again.
            </div>';
      }
      $stmt->close();

      $db->close();
    }

this is my user login form using prepared statement. the form just reloads and displays itself when i try running it. i am guessing it is a logic error but i can not seem to figure out what i am doing wrong any help please?

**Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Jul 18 '17 at 15:54

user login script runs using mysqli prepared statement works alright but does not redirect

0 Answers0