I created this code, and says that it does not find any record, even knowing that the record exists and the email and pass are correct.
Error and always "INVALID USERNAME / PASSWORD Combination!"
$uid = mysqli_real_escape_string($con, sanitize($_POST['email']));
$pwd = mysqli_real_escape_string($con, sanitize($_POST['password']));
$stmt = $con->prepare("SELECT email, password FROM public_users WHERE email = ? AND password = ? LIMIT 1");
$stmt->bind_param('is', $uid, $pwd);
$stmt->execute();
$stmt->bind_result($uid, $pwd);
$stmt->store_result();
if($stmt->num_rows == 1) {
if($stmt->fetch()) {
if(password_verify($pwd, $hashed_password)) {
echo "Combination!";
} else {
echo "PASSWORD Combination!";
}
}
} else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
$stmt->close();
Where am I missing people?