The obvious problem is that you have a syntax error in your
SELECT
statement - you need an
And
between the two conditions in your
WHERE
clause.
$sql = $conn->prepare('SELECT * FROM user WHERE name = ? AND pass = ?');
The slightly less obvious problem is that you are storing passwords incorrectly:
Secure Password Authentication Explained Simply[
^]
Salted Password Hashing - Doing it Right[
^]
PHP even has built-in functions to help you do the right thing:
PHP: password_hash[
^]
PHP: password_verify[
^]
If this is a real-world application, you need to fix that urgently - unless you have really deep pockets to pay the gigantic fines you'll be hit with for not handling your users' data securely.