Jump to content

Prepared select query login


Mudsaf
 Share

Recommended Posts

if ($stmt = $con->prepare("SELECT <username> FROM <accounts> WHERE <username> = ? AND <password> = ?")) {$username = <username>;$password = <password>;$stmt->bind_param('ss', $username, $password);$stmt->execute();$stmt->fetch();$rows = mysqli_stmt_num_rows($stmt);if ($rows == 1) {printf ("%s, %s", $username, $password);echo $rows;} else {printf ("%s, %s", $username, $password);echo $rows;}}

I tried to figure out how to see if the query rows match but at the moment $rows displays 0 even with correct data. So how i check if user have logged in with prepared select query?

Link to comment
Share on other sites

i assume the real username and password are not as in the code, yes?

 

One way to check your query is to print out the query, and run it via mysql command line, or in an application like MySQLWorkbench or phpMyAdmin and confirm if the query works directly against the DB.

 

I think the issue is that your query is wrong. I would expect a SELECT statement to be something like:

$sql = "SELECT someColumn FROM tableName WHERE username = {$username} and password = {$password}"
Edited by thescientist
Link to comment
Share on other sites

Year I'm sure those are correct data.

$rows = $stmt->num_rows(); //Returned 0 aswell while data was correct @ Database.//Taste my code :/if ($stmt = $con->prepare("SELECT userName FROM ms_accounts WHERE userName = ? AND userPass = ?")) {$username = $_POST['username'];$password = md5($_POST['password']);$stmt->bind_param('ss', $username, $password);$stmt->execute();$stmt->fetch();$rows = $stmt->num_rows();if ($rows == 1) {printf ("%s, %s", $username, $password);echo $rows;} else {printf ("%s, %s", $username, $password);echo $rows;}}

Getting no errors but rows = 0

Link to comment
Share on other sites

In object-oriented style, num_rows is a property, not a method, so it doesn't use the parentheses ()

 

Since PHP didn't throw any errors, I suppose that's not the problem. If the query says that no rows were returned that means that your query didn't return anything- Try to check the database through other means.

Link to comment
Share on other sites

Well i'm wondering what is method in MySQLi to check if user exists in database like in MySQL it was below.

$result = mysql_query("SELECT * FROM accounts WHERE username = '$username' AND password = '$password'");$rows = mysql_num_rows($result);if ($rows == 1) {echo "User data found.";}

The SQL query worked with data.

SELECT * FROM ms_accounts WHERE userName = ? AND userPass = ?
//This fixed my problemif($stmt->fetch()) {echo "SUCCESS";} else {echo "WRONG UNAME OR PW";}
Edited by Mudsaf
Link to comment
Share on other sites

bind_param should be either named parameter. where :user is place holder$stmt->bind_param(':user', $username);

 

OR

 

numeric place holder '?' . like...$stmt->bind_param(0, $username);

 

or directly pass parameters to execute()

$stmt->execute([$user,$password]);

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...