Mudsaf Posted August 27, 2013 Share Posted August 27, 2013 if ($stmt = $con->prepare("SELECT <username> FROM <accounts> WHERE <username> = ? AND <password> = ?")) {$username = <username>;$password = <password>;$stmt->bind_param('ss', $username, $password);$stmt->execute();$stmt->fetch();$rows = mysqli_stmt_num_rows($stmt);if ($rows == 1) {printf ("%s, %s", $username, $password);echo $rows;} else {printf ("%s, %s", $username, $password);echo $rows;}} I tried to figure out how to see if the query rows match but at the moment $rows displays 0 even with correct data. So how i check if user have logged in with prepared select query? Link to comment Share on other sites More sharing options...
thescientist Posted August 27, 2013 Share Posted August 27, 2013 (edited) i assume the real username and password are not as in the code, yes? One way to check your query is to print out the query, and run it via mysql command line, or in an application like MySQLWorkbench or phpMyAdmin and confirm if the query works directly against the DB. I think the issue is that your query is wrong. I would expect a SELECT statement to be something like: $sql = "SELECT someColumn FROM tableName WHERE username = {$username} and password = {$password}" Edited August 27, 2013 by thescientist Link to comment Share on other sites More sharing options...
Mudsaf Posted August 27, 2013 Author Share Posted August 27, 2013 (edited) so does { } prevent SQL injection? Yeah those are false data added here where is <data>. Edited August 27, 2013 by Mudsaf Link to comment Share on other sites More sharing options...
Ingolme Posted August 27, 2013 Share Posted August 27, 2013 Are you sure the field name is "<username>" rather than "username" and the table is "<accounts>" ? To count the rows, try $rows = $stmt->num_rows Link to comment Share on other sites More sharing options...
Mudsaf Posted August 28, 2013 Author Share Posted August 28, 2013 Year I'm sure those are correct data. $rows = $stmt->num_rows(); //Returned 0 aswell while data was correct @ Database.//Taste my code :/if ($stmt = $con->prepare("SELECT userName FROM ms_accounts WHERE userName = ? AND userPass = ?")) {$username = $_POST['username'];$password = md5($_POST['password']);$stmt->bind_param('ss', $username, $password);$stmt->execute();$stmt->fetch();$rows = $stmt->num_rows();if ($rows == 1) {printf ("%s, %s", $username, $password);echo $rows;} else {printf ("%s, %s", $username, $password);echo $rows;}} Getting no errors but rows = 0 Link to comment Share on other sites More sharing options...
Ingolme Posted August 28, 2013 Share Posted August 28, 2013 In object-oriented style, num_rows is a property, not a method, so it doesn't use the parentheses () Since PHP didn't throw any errors, I suppose that's not the problem. If the query says that no rows were returned that means that your query didn't return anything- Try to check the database through other means. Link to comment Share on other sites More sharing options...
Mudsaf Posted August 28, 2013 Author Share Posted August 28, 2013 (edited) Well i'm wondering what is method in MySQLi to check if user exists in database like in MySQL it was below. $result = mysql_query("SELECT * FROM accounts WHERE username = '$username' AND password = '$password'");$rows = mysql_num_rows($result);if ($rows == 1) {echo "User data found.";} The SQL query worked with data. SELECT * FROM ms_accounts WHERE userName = ? AND userPass = ? //This fixed my problemif($stmt->fetch()) {echo "SUCCESS";} else {echo "WRONG UNAME OR PW";} Edited August 28, 2013 by Mudsaf Link to comment Share on other sites More sharing options...
birbal Posted August 28, 2013 Share Posted August 28, 2013 bind_param should be either named parameter. where :user is place holder$stmt->bind_param(':user', $username); OR numeric place holder '?' . like...$stmt->bind_param(0, $username); or directly pass parameters to execute() $stmt->execute([$user,$password]); Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now