
[code=php]<?php

// start the session

session_name('pickles');
session_set_cookie_params(900);
session_start();

// require the connection and salt settings

require_once("path_to_connection");

require_once("path_to_salt");

// connect to the database

$conn = sAccess();

// process the form

if (array_key_exists('login', $_POST) && !empty($_POST['login']))
{
    // create an empty array for missing fields

    $missing = array();

    /* here, I'm going to create an
    array to hold the form fields.
    if the form fields are empty,
    I'll add them to the $missing
    array. */
    $fields = array("F_Username" => $_POST['username'], "F_Pwd" => $_POST['pwd']);
    foreach ($fields as $field => $value)
    {
        if (empty($value)) // check the submitted value; the key is never empty
        {
            array_push($missing, $field);
        }

    }

    // if $missing is empty, continue the processing
    if (empty($missing))
    {
        // assign the form fields to variables
        $username = md5($salt . md5($fields["F_Username"] . $salt));
        $pwd = md5($salt . md5($fields["F_Pwd"] . $salt));

        $query = "SELECT user_id, username FROM users WHERE username= ? AND pwd = ? LIMIT 1";

        // prepare the statement
        if ($stmt = $conn->prepare($query))
        {

            $stmt->bind_param('is', $id, $username);

            // execute
            if ($stmt->execute())
            {
                $stmt->bind_result($id, $username);
                if ($stmt->fetch())
                {

                    $_SESSION['news'] = true;
                    $_SESSION['id'] = $id;
                    $_SESSION['username'] = $username;

                    $stmt->close();

                    header("Location: https://uhrebirth.com/staff/admin_center.php");

                    exit;
                }

            }
        }
    }
}

?>
[/code]

I can't figure out what's wrong. When you try to login, it's like it's not able to pull anything out of the database, or else that the records in the database don't exist. However, I checked my database, and they do indeed exist.

@sstalder Oct 06.2008 —
[code=php]
$query = "SELECT user_id, username FROM users WHERE username= ? AND pwd = ? LIMIT 1";

echo $query;
[/code]
Copy the query it outputs then paste it into phpMyAdmin - see if you get errors.

@Znupi Oct 06.2008 — I don't really know MySQLi, but I know SQL. Try this cleaned up query:
[code=sql]
SELECT `user_id`, `username` FROM `users` WHERE `username` = '?' AND pwd = '?' LIMIT 1
[/code]
Or, I'm not sure how the MySQLi replaces question marks (whether or not it adds quotes around them), so you might need this:
[code=sql]
SELECT `user_id`, `username` FROM `users` WHERE `username` = ? AND pwd = ? LIMIT 1
[/code]
Try them both, if none works, let us know.

@Joseph_Witchard (author) Oct 07.2008 — Okay, so I made some edits after I realized some mistakes I made. I took out the password and username encryption for two reasons: 1) I wasn't completely sure if the password was updated correctly when I edited it last night, and 2) I don't know why I put encryption in for the username at all; it's not supposed to be encrypted. Even after removing those settings, it still did the same thing.

Znupi, I tried both of your ideas. I tried the second one first, and nothing changed; everything did exactly the same thing. So I tried your first idea, and this was output to the page after the form was submitted:

[QUOTE]Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement in /home/.satchel/josephwitchard/uhrebirth.com/staff/admin_login.php on line 56[/QUOTE]

Maybe if I explain completely what happened it will help shed some light on the problem. Last night, I was experimenting with editing table fields in SQL and PHP. I must have been out of my mind last night, because for some reason I had it insert new values into the table instead of setting the query to change them. Ever since then, I have not been able to login due to the problem I'm having. However, I logged into my database today, and everything is still there, exactly as it should be. It doesn't look like it was affected at all by last night's mistake?

@NogDog Oct 07.2008 — First thing that jumps out at me is that the wildcards in the query are for values for username and pwd, but the variables you bind to them are $id and $username. Shouldn't you be binding $username and $pwd, instead? Also, do you actually MD5 hash the username in the database? I just ask because usually you only see the password being hashed.

@Joseph_Witchard (author) Oct 07.2008 — No, I don't. Like I said in my above post, that was a mistake. I have since corrected it.

Okay, so I've made some edits to my processing script. When this form is submitted, this error is displayed as output (without me being redirected to the right page):

[QUOTE]Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement in /home/.satchel/josephwitchard/uhrebirth.com/staff/admin_login.php on line 56[/QUOTE]


And THIS is my current code:
[code=php]<?php

// start the session

session_name('pickles');
session_set_cookie_params(900);
session_start();


// require the connection and salt settings

require_once("path_to_connection");

// require_once("path_to_salt");

// connect to the database

$conn = sAccess();

// process the form

if (array_key_exists('login', $_POST) && !empty($_POST['login']))
{
    // create an empty array for missing fields

    $missing = array();

    /* here, I'm going to create an
    array to hold the form fields.
    if the form fields are empty,
    I'll add them to the $missing
    array. */
    $fields = array("F_Username" => $_POST['username'], "F_Pwd" => $_POST['pwd']);
    foreach ($fields as $field => $value)
    {
        if (empty($value)) // check the submitted value; the key is never empty
        {
            array_push($missing, $field);
        }

    }

    // if $missing is empty, continue the processing
    if (empty($missing))
    {
        // assign the form fields to variables
        $username2 = $fields["F_Username"];
        $pwd2 = $fields["F_Pwd"];

        $query = "SELECT user_id, username, pwd FROM users WHERE username = ? AND pwd = ? LIMIT 1";

        // prepare the statement
        if ($stmt = $conn->prepare($query))
        {

            $stmt->bind_param('iss', $id, $username2, $pwd2);


            // execute
            if ($stmt->execute())
            {
                $stmt->bind_result($id, $username2, $pwd2);
                if ($stmt->fetch())
                {

                    $_SESSION['news'] = true;
                    $_SESSION['id'] = $id;
                    $_SESSION['username'] = $username2;

                    $stmt->close();



                    header("Location: https://uhrebirth.com/staff/admin_center.php");


                }

            }
        }
    }
}

?>
[/code]


More odd occurrences: Before I made the last edits, it seemed to be able to pull the data out, just not the right data and I'm not being redirected like I should be. I echoed out the username and id, and the username came out fine. However, the id came out as 0, when I know by looking in my database that it's 1.

@NogDog Oct 07.2008 — You only have 2 place-holders in your query, so there should only be two variables in the bind_param() function -- you can remove the $id and the corresponding "i". (The bind_result() is different, as there are 3 fields being selected for the output.)

@Joseph_Witchard (author) Oct 07.2008 — But the thing is I WANT to get the id out of the database.

@NogDog Oct 07.2008 — [QUOTE]But the thing is I WANT to get the id out of the database.[/QUOTE]

Right, and that's handled by the bind_[B]result[/B]() call. The bind_[B]param[/B]() call is only for replacing the place-holders in the query.

@Joseph_Witchard (author) Oct 07.2008 — That did it. Thanks NogDog.
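
The split NogDog describes (bind_param() for the placeholders, bind_result() for the selected columns), as an added example that is not code from this thread. It goes one step beyond the thread by fetching the stored hash and checking it in PHP, so it assumes the `pwd` column holds `password_hash()` output; the function names `authenticate` and `loginAndRedirect` are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes a mysqli connection and a
// users(user_id, username, pwd) table where pwd holds password_hash() output.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of warn

function authenticate(mysqli $conn, string $username, string $password): ?array
{
    // One placeholder only: the password is never compared inside SQL.
    $stmt = $conn->prepare(
        'SELECT user_id, username, pwd FROM users WHERE username = ? LIMIT 1'
    );

    // bind_param(): inputs only. One "?" means one type letter and one variable.
    $stmt->bind_param('s', $username);
    $stmt->execute();

    // bind_result(): outputs only. Three selected columns, three variables.
    $stmt->bind_result($id, $dbUsername, $hash);
    $found = $stmt->fetch();   // true on a row, null when nothing matched
    $stmt->close();

    if ($found !== true || !password_verify($password, $hash)) {
        return null;           // same return value for unknown user and wrong password
    }
    return ['id' => (int) $id, 'username' => $dbUsername];
}

function loginAndRedirect(mysqli $conn, array $post): void
{
    $username = trim((string) ($post['username'] ?? ''));
    $password = (string) ($post['pwd'] ?? '');
    if ($username === '' || $password === '') {
        return;                // missing field: test the value, not the array key
    }
    $user = authenticate($conn, $username, $password);
    if ($user === null) {
        return;
    }
    session_regenerate_id(true);   // issue a fresh session id after authentication
    $_SESSION['id'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    header('Location: https://uhrebirth.com/staff/admin_center.php');
    exit;                          // stop executing once the redirect is sent
}
```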