prepare("SELECT * FROM Users WHERE Users_username = :username AND Users_password = :password"); $stmt->bindParam(":username", $username); $stmt->bindParam(":password", $password); $stmt->execute(); $result = $stmt->fetchAll(PDO::FETCH_ASSOC); if (count($result) > 0) { $_SESSION["username"] = $username; $_SESSION["admin"] = $result[0]["Users_admin"] === "1"; echo json_encode(array("message" => "ok")); } else { echo json_encode(array("message" => "Username or password is incorrect")); }