check if row exists with PDO

Question

I am having trouble checking if a row exists to log someone in. The password is salted in the db using the password+ the email I am using PDO.

function is_valid_developer($username, $password)
{
    global $db;
    $query = 'SELECT COUNT(*) FROM users WHERE username = :username AND password = sha(CONCAT(:password,(SELECT email FROM users WHERE username = :password))) AND developer = true';
    $statement = $db->prepare($query);
    $statement->bindValue(':username', $username);
    $statement->bindValue(':password', $password);
    $statement->execute();
    $count = $statement->fetchColumn();
    if ($count === 1)
    {
        return TRUE;
    }
    else 
    {
        return FALSE;   
    }
}

Answer 1

Your subquery appears to be incorrect (see the WHERE username = :password clause), and will likely never return any results. Further, using the same bound parameter twice is not supported in PDO (you use :password twice). Besides that, you don't actually need a subquery at all; try this query:

SELECT COUNT(*) FROM users
WHERE username = :username
  AND password = sha(CONCAT(:password, email))
  AND developer;

Further, make sure you call $statement->closeCursor() after your call to $statement->fetchColumn() ; leaving PDO statement cursors open after you are done with them may cause the database to fail on all future queries .