Select query not returning properly
Question
I have the following function
public function checkLogin($username, $password){
$select_query = $this->connect()->prepare("SELECT `username` , `password` FROM `users`
WHERE `username` = :username AND `password` = :password");
$select_query->bindParam(':username', $username);
$select_query->bindParam(':password', $password);
try{
$select_query->execute();
} catch(Exception $ex) {
echo "An Error occured while checking for username!\n"; //user friendly message
logger($ex->getMessage());
}
return ($select_query->fetchColumn() > 0) ? true : false;
}
Which always returns nothing when $username is test and $password is password, and when I just run the sql from phpMyAdmin it gives the correct result. This is what I ran on phpMyAdmin
SELECT `username` , `password`
FROM `users`
WHERE `username` = 'test'
AND `password` = 'password'
The result returned being 1 user which is correct.
3 answers
solution1
0 ACCPTED 2014-02-03 10:33:48
Try to specify the type of the parameters:
$select_query->bindParam(':username', $username, PDO::PARAM_STR);
$select_query->bindParam(':password', $password, PDO::PARAM_STR);
solution2
0 2014-02-03 10:35:30
Also you can use bindValue instead of bindParam
$select_query->bindValue(':username', $username);
$select_query->bindValue(':password', $password);
solution3
0 2014-02-03 10:55:28
Take a second look at your sql statement:
"SELECT `username`, `password`
FROM `users`
WHERE `username` = :username AND `password` = :password"
Because you are searching on string data types, you need to wrap your :username and :password slugs in single quotes. Try that and it should do the trick.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.