Trying to make a safe script with php [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update开发者_Go百科 the question so it focuses on one problem only by editing this post.

Closed 1 hour ago.

Improve this question

I'm new with php, I would like to know if my login script it's safe and secure. I have been reading a lot of new thing in php. thank you.

<?php  
include ("sql.php");
session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST") {
$usuario = mysqli_real_escape_string($conn, $_POST['usuario']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
    
    $sql = " SELECT `nombre`, `passwd`, `rol`, `id` FROM `usuarios` WHERE nombre=? AND passwd=? ";

    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $usuario,$password);
    $stmt->execute();
    $result = $stmt->get_result();
    
    if ($result->num_rows > 0) {

    while($row = $result->fetch_assoc()) {
        $_SESSION["user"] = htmlentities($row["nombre"], ENT_QUOTES);
        $_SESSION["id_del_user"] = htmlentities($row["id"], ENT_QUOTES);
        $_SESSION["rol"] = htmlentities($row["rol"], ENT_QUOTES);
        $conn->close();

        if($row["rol"] == 2){
            header("location: panel_user.php");
        } else {
            header("location: panel.php");
        }
        

        // header("location: panel.php");
    }
    
    } else {
        $conn->close();
        header("location: logout.php");
    }

}

?>

I'm trying to make and learn PHP in a safe way, so that I can program efficiently so that when I make my scripts I don't have any security problems.