Prepared statement for login function PHP

Question

I am trying to write a parametrised login function in PHP. The function should get the $id and $pass bind and execute statement and return an associative array from the database with $id, $password, $user_first_name. Checking for user id and password validation, if true the session should start and set the session with the username from the database. For some reason I can't get this working. Any suggestions? Thanks!

public function logIn($id, $password)

            {
                $stmt = $this->link->prepare("SELECT user_id, user_name, user_password FROM Users WHERE user_id = ? ");
                $stms->bind_param('i', $user_id);
                if ($stmt->execute())
                {
                    $result = $stmt->get_result();
                    while($row = $result->fetch_array(MYSQLI_ASSOC))
                        { 
                        $dbuser_id = $row['user_id'];
                        $dbpassword = $row['user_password'];
                        $dbuser_first_name = $row['user_first_name'];
                        }


                        if($id == $dbuser_id and $password == $dbpassword)
                        {
                            session_start();
                            $_SESSION['session_user_first_name'] = $dbuser_first_name;
                        }
                        else
                        {
                            session_unset();
                            echo "Credentials do not match";
                        }
                }   

            }

Answer 1

You have

$stms->bind_param('i', $user_id);

But your function signature is:

public function logIn($id, $password)

So you probably want:

$stms->bind_param('i', $id);

Answer 2

Have a look at $stms->bind_param('i', $user_id); :

• stms should be stmt
• $user_id should be $id
• ...