Select and array

[Sunamena]

Hello everyone

I have a small problem with my code. I will show the most important parts of it and hope you guys can assist me

This is my code:

 

$sql = "SELECT * FROM brusers WHERE userName = '$userName' AND password = '$wachtwoord'";
                                
                                // Vraag alle resultaten op
                                    $stmt = $con -> prepare($sql); 
                    
                                    $deelStap=mysqli_query($con,$sql);

                                    $result=mysqli_fetch_all($deelStap,MYSQLI_NUM);
                                    // of: $result=mysqli_fetch_all($deelStap,MYSQLI_NUM);
                                    print_r($deelStap);


 

This is the print_r: 

mysqli_result Object ( [current_field] => 0 [field_count] => 12 [lengths] => [num_rows] => 0 [type] => 0 )


When i print_r($result) i get an empty array. How do i get $result as an array?
I am used to using PDO (i like it alot), my PDO code works fine on my localhost:


-- Connect with databasw with PDO

$db = new PDO('mysql:host=localhost:3307;dbname=handikrap', 'root', 'usbw');
    $db -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

--- code

$sql = "SELECT userID, userName, type, ban, laatstIngelogd, inlogPogingen FROM users WHERE userName = :userName AND passWord = :wachtwoord";

                $stmt = $db -> prepare($sql);
                $stmt -> bindParam(':userName', $userName, PDO::PARAM_INT);
                $stmt -> bindParam(':wachtwoord', $wachtwoord, PDO::PARAM_INT);
                        
                        
                $userName = htmlspecialchars($_POST["userName"]);
                $wachtwoord = htmlspecialchars(sha1($_POST["wachtwoord"]));
                        
                $stmt -> execute();                        
                        
                $row = $stmt -> fetch(PDO::FETCH_NUM);


but seems to not be supported on the webhost of one.com. Or did i do something wrong?
Should i stick with PDO or move on to mySqli?

They use MariaDB on one.com.


Thanks in advance

[justsomeguy]

When i print_r($result) i get an empty array. How do i get $result as an array?

It's an empty array because it's not returning any rows, because your WHERE clause doesn't match anything.  The result object shows that:

mysqli_result Object ( [current_field] => 0 [field_count] => 12 [lengths] => [num_rows] => 0 [type] => 0 )

but seems to not be supported on the webhost of one.com.

Why do you think it's not supported, do you get an error message?  One thing to point out is that you're saying the username and password are integers.

Also, you really need to hash your passwords instead of storing them in plain text.  PHP has a built-in password hashing library.

http://php.net/manual/en/function.password-hash.php

If you can, I would suggest sticking to PDO and prepared statements.

[Sunamena]

Thankyou very much for your reply!

Well, I will stick with PDO then. I managed to find a solution to make it work with PDO (and I am happy with that ).

I did get error messages, but not anymore. I think the problem was on my end (or i was not patient enough). 

At the top of my document, to keep it organised i check all my input from the post.
For the password i hash with sha1. Should i adopt using password_hash instead?

[Ingolme]

MD5 and SHA-1 are both considered too weak to be secure these days. The PHP manual itself advises against using them for hashing: http://php.net/sha1

Quote

Warning

It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.

Let PHP use password_hash to handle passwords, it uses much stronger hashing algorithms.