I have the following function
public function checkLogin($username, $password){
$select_query = $this->connect()->prepare("SELECT `username` , `password` FROM `users`
WHERE `username` = :username AND `password` = :password");
$select_query->bindParam(':username', $username);
$select_query->bindParam(':password', $password);
try{
$select_query->execute();
} catch(Exception $ex) {
echo "An Error occured while checking for username!\n"; //user friendly message
logger($ex->getMessage());
}
return ($select_query->fetchColumn() > 0) ? true : false;
}
Which always returns nothing when $username is test and $password is password, and when I just run the sql from phpMyAdmin it gives the correct result. This is what I ran on phpMyAdmin
SELECT `username` , `password`
FROM `users`
WHERE `username` = 'test'
AND `password` = 'password'
The result returned being 1 user which is correct.
Try to specify the type of the parameters:
$select_query->bindParam(':username', $username, PDO::PARAM_STR);
$select_query->bindParam(':password', $password, PDO::PARAM_STR);
Also you can use bindValue
instead of bindParam
$select_query->bindValue(':username', $username);
$select_query->bindValue(':password', $password);
Take a second look at your sql statement:
"SELECT `username`, `password`
FROM `users`
WHERE `username` = :username AND `password` = :password"
Because you are searching on string data types, you need to wrap your :username and :password slugs in single quotes. Try that and it should do the trick.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.