stackoom
  简体   繁体   中英

How can I return a pdo prepared statement to check if user exists, and then return there id from the database?

 原文  2011-12-05 17:47:15       php/ mysql/ pdo

Question

I'm trying to build a method to check if a user exists, and if they do, return their id from the database. In the past I've always used mysql_fetch_array after my query, and then I would use array_shift($result_array) to obtain the id. This is proven to be a chalenge with prepared statements. Here's a look at my method: 

<?php
require_once("db.php");

class User extends Database{

    public $dbFields = array('username', 'password');

    public $tableName = "users";
    public $id;
    public $username;
    public $password;

    // public function auth($user, $pass){
    //  $this->username = $user;
    //  $this->password = $pass;

    // }

    public function authenticate($username = '', $password = ''){
    if(!empty($username) && !empty($password)){
        $stmt  = "SELECT * FROM users ";
        $stmt .= "WHERE username =:username ";
        $stmt .= "AND password =:password ";
        $stmt  = $this->db->prepare($stmt); 
        if($result = $stmt->execute(array(':username' => $username, ':password' => $password))){
            if ($result = $stmt->fetch(PDO::FETCH_ASSOC)){
                return $result;
            } else {
                return print("false");
            }
        }else{
            return print("false false");
        }
    }
    }
}
?>

This might not be relevant, but heres the form page: 

if (isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $user = new User();
    $user->authenticate($username, $password);

}
?>
<html>
<head>
    <title>test</title>
</head>
<body>
<form action = "test.php" method= "POST" accept-charset="utf-8" >
 <p>Username
        <input type="text" name="username" maxlength="30" value="" />
     </p>
     <p>Password
        <input type="password" name="password" maxlength="30" value="" />
     </p>
     <p><input type="submit" name="submit" value="Continue &rarr;"></p>
</form>

</body>
</html>

I've been using pdo successfully on all of my other db methods so I really don't want to switch back to a standard mysql statement if I can help it. Any advice?

Edit: changed syntax in execute array as advised by Chris.

2 answers

solution1
 1 ACCPTED  2011-12-05 21:33:16

php doesnt expand variables in strings delimited by single quotes.

use something like 

array(':username' => $username, ':password' => $password)

Aside from that, your variable $result is an associative array just like you're used to. 

return $result['id'];

note, the print function returns the value of 1. I really don't think you want to be returning this value from your authenticate function. How will you tell if the 1 is someones user id, or if its the return value of print? return boolean false instead to indicate failure.

solution2
 0  2011-12-05 17:53:10

You want an output variable in your prepared statement. The syntax is generally:

Create Procedure PROCEDURE NAME (OUTPUTVARNAME DBTYPE out)

but its going to vary between database implementations. Try: http://www.php.net/manual/en/book.pdo.php#68398

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I check if a user exists with PDO? Using Prepared Statement, how I return the id of the inserted row? How to return the results from a Mysqli prepared statement How can I use the same prepared statement for different tables in PDO? PHP/PDO: use simple prepared statement with query return/affected rows? How can I return LastInsertID from PDO whin a method of a class How to return max(id) in pdo How can I simply return objects in PDO? return a boolean from PHP prepared statement mssql pdo If Exists insert prepared statement in a loop
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM