More MySQL Improved Trouble

[Joseph Witchard]

<?php

  // start the session
  
  session_name('pickles');
  session_set_cookie_params(900);
  session_start();

    
  // require the connectionn and salt settings
   
  require_once("path_to_connection");
  
  // require_once("path_to_salt");
  
  // connect to the database
   
  $conn = sAccess();
  
  // process the form
  
  if (array_key_exists('login', $_POST) && !empty($_POST['login']))
{
    // create an empty array for missing fields

    $missing = array();

    /* here, I'm going to create an
     array to hold the form fields.
     if the form fields are empty,
     I'll add them to the $missing
     array. */
    $fields = array("F_Username" => $_POST['username'], "F_Pwd" => $_POST['pwd']);
    foreach ($fields as $field => $value)
    {
        if (empty($field))
        {
            array_push($missing, $field);
        }
        
    }

    // if $missing is empty, continue the processing
    if (empty($missing))
    {
        // assign the form fields to variables
        $username2 = $fields["F_Username"];
        $pwd2 = $fields["F_Pwd"];

        $query = "SELECT `user_id`, `username`, pwd FROM `users` WHERE `username` = ? AND `pwd` = ? LIMIT 1";

        // prepare the statement
        if ($stmt = $conn->prepare($query))
        {
        
            $stmt->bind_param('iss', $id, $username2, $pwd2);


            // execute
            if ($stmt->execute())
            {
                $stmt->bind_result($id, $username2, $pwd2);
                if ($stmt->fetch())
                {
                    
                    $_SESSION['news'] = true;
                    $_SESSION['id'] = $id;
                    $_SESSION['username'] = $username2;
                    
                     $stmt->close();
                    
                    
                    
                    header("Location: https://uhrebirth.com/staff/admin_center.php");
                    
                   
                }
                
            }
        }
    }
}

?>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>

   <title>Rebirth Test Page</title>

   <meta http-equiv="content-type" content="text/html; charset=utf-8">
   <meta http-equiv="cache-control" content="no-cache">
   
   <link href="/css/general.css" rel="stylesheet" type="text/css">
   
</head>

<body>

<div align="center">

   <form id="AdminLogIn" name="AdminLogIn" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
   
     <input type="text" id="username" name="username"><br>
     <label for="username">Username</label><br>
     <input type="password" id="pwd" name="pwd"><br>
     <label for="password">Password</label>
     
     <br><br>
     
     <input type="submit" id="login" name="login" value="Login">
     <input type="reset" value="Reset"><br><br>
     
     
   </form>
   
</div>

</body>

</html>

                  

 

When I submit the form, an error is output to the page (see below) and I am not redirected as I should be. What gives? ???

 

Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement in /home/.satchel/josephwitchard/uhrebirth.com/staff/admin_login.php on line 56

[ratcateme]

you query has room for 2 prams but you are specifying 3

so the number of variables don;t match

 

Scott.

[Joseph Witchard]

Thanks, I got it working