Sunamena Posted June 27, 2017 Share Posted June 27, 2017 Hello everyone I have a small problem with my code. I will show the most important parts of it and hope you guys can assist me This is my code: $sql = "SELECT * FROM brusers WHERE userName = '$userName' AND password = '$wachtwoord'"; // Vraag alle resultaten op $stmt = $con -> prepare($sql); $deelStap=mysqli_query($con,$sql); $result=mysqli_fetch_all($deelStap,MYSQLI_NUM); // of: $result=mysqli_fetch_all($deelStap,MYSQLI_NUM); print_r($deelStap); This is the print_r: mysqli_result Object ( [current_field] => 0 [field_count] => 12 [lengths] => [num_rows] => 0 [type] => 0 ) When i print_r($result) i get an empty array. How do i get $result as an array? I am used to using PDO (i like it alot), my PDO code works fine on my localhost:-- Connect with databasw with PDO $db = new PDO('mysql:host=localhost:3307;dbname=handikrap', 'root', 'usbw'); $db -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); --- code $sql = "SELECT userID, userName, type, ban, laatstIngelogd, inlogPogingen FROM users WHERE userName = :userName AND passWord = :wachtwoord"; $stmt = $db -> prepare($sql); $stmt -> bindParam(':userName', $userName, PDO::PARAM_INT); $stmt -> bindParam(':wachtwoord', $wachtwoord, PDO::PARAM_INT); $userName = htmlspecialchars($_POST["userName"]); $wachtwoord = htmlspecialchars(sha1($_POST["wachtwoord"])); $stmt -> execute(); $row = $stmt -> fetch(PDO::FETCH_NUM); but seems to not be supported on the webhost of one.com. Or did i do something wrong? Should i stick with PDO or move on to mySqli? They use MariaDB on one.com. Thanks in advance Link to comment Share on other sites More sharing options...
justsomeguy Posted June 27, 2017 Share Posted June 27, 2017 When i print_r($result) i get an empty array. How do i get $result as an array? It's an empty array because it's not returning any rows, because your WHERE clause doesn't match anything. The result object shows that: mysqli_result Object ( [current_field] => 0 [field_count] => 12 [lengths] => [num_rows] => 0 [type] => 0 ) but seems to not be supported on the webhost of one.com. Why do you think it's not supported, do you get an error message? One thing to point out is that you're saying the username and password are integers. Also, you really need to hash your passwords instead of storing them in plain text. PHP has a built-in password hashing library. http://php.net/manual/en/function.password-hash.php If you can, I would suggest sticking to PDO and prepared statements. Link to comment Share on other sites More sharing options...
Sunamena Posted June 28, 2017 Author Share Posted June 28, 2017 Thankyou very much for your reply! Well, I will stick with PDO then. I managed to find a solution to make it work with PDO (and I am happy with that ). I did get error messages, but not anymore. I think the problem was on my end (or i was not patient enough). At the top of my document, to keep it organised i check all my input from the post. For the password i hash with sha1. Should i adopt using password_hash instead? Link to comment Share on other sites More sharing options...
Ingolme Posted June 28, 2017 Share Posted June 28, 2017 MD5 and SHA-1 are both considered too weak to be secure these days. The PHP manual itself advises against using them for hashing: http://php.net/sha1 Quote Warning It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices. Let PHP use password_hash to handle passwords, it uses much stronger hashing algorithms. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now