Okay, so I am in the process of trying to switch my query's to avoid sql injection, but something isn't working cause it never queries the DB. My query for some reason isn't working. I have copied it exactly from another stackoverflow question.
My PHP:
// QUERY THE DB
$stmt = $DBconnection->prepare('SELECT * FROM users WHERE username = '$username' AND password = '$password'');
$stmt->bind_param('s', $search);
$stmt->execute();
$result = $stmt->get_result();
if(mysqli_num_rows($result) > 0)
{
echo "Valid Login";
}