JC99 Posted July 12, 2009 Share Posted July 12, 2009 Hello everyone, I am having a problem getting my "prepared statements" working. Here is my setup... index.php -> authenticate.php -> admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, "SELECT * FROM administrators WHERE adminusers=?"); mysqli_stmt_bind_param($stmt, 'ss', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header("location:admin.php"); } else { echo "Failure"; } Any help is appreciated. Link to comment https://forums.phpfreaks.com/topic/165656-solved-select-and-prepared-statements/ Share on other sites More sharing options...
JC99 Posted July 12, 2009 Author Share Posted July 12, 2009 ok, I have the following code using mysqli but it is not using prepared statements. Anyone know how I can modify it to use prepared statements? <?php $connect = mysqli_connect($hostname, $username, $password, $database); $sql="SELECT * FROM administrators WHERE adminusers='$adminuser'"; $result=mysqli_query($connect, $sql); $count=mysqli_num_rows($result); if($count==1){ header("location:admin.php"); } else { echo "Failure"; } ?> Link to comment https://forums.phpfreaks.com/topic/165656-solved-select-and-prepared-statements/#findComment-873892 Share on other sites More sharing options...
Philip Posted July 12, 2009 Share Posted July 12, 2009 It's been a while, and this is untested.... but: $query = "SELECT * FROM administrators WHERE adminusers=?"; if($dbh = $connect->prepare($query)) { // bind the parameters: $dbh->bind_param('s', $adminuser); // execute $dbh->execute(); if(!$connect->error) { while($row = $dbh->fetch_assoc()) { echo $row['column']; // echo a row, or whatever you want to do. } } else { echo $connect->error; } } Link to comment https://forums.phpfreaks.com/topic/165656-solved-select-and-prepared-statements/#findComment-873893 Share on other sites More sharing options...
JC99 Posted July 12, 2009 Author Share Posted July 12, 2009 ok, I am new to programming so I don't understand what you are doing plus it didn't work. Thanks anyways Link to comment https://forums.phpfreaks.com/topic/165656-solved-select-and-prepared-statements/#findComment-873904 Share on other sites More sharing options...
Philip Posted July 12, 2009 Share Posted July 12, 2009 Well, what errors did it give? The way I did it is the way I'm used to, OOP style. Do the following comments help: // Create the query string, notice the ? as a placeholder $query = "SELECT * FROM administrators WHERE adminusers=?"; // Prepare the statement, but only run it if it doesn't fail if($dbh = $connect->prepare($query)) { // If we are here, then the prep didn't fail... // bind the parameters (I'm guessing $adminuser is a string, thus the 's') $dbh->bind_param('s', $adminuser); // execute your query $dbh->execute(); // As long as there wasn't an error, if(!$connect->error) { // We should loop through the results while($row = $dbh->fetch_assoc()) { // and echo the row, or whatever. echo $row['column']; } } else { // but if we got here, there was an error. echo $connect->error; } } else { // and if we got here, the prepare call didn't work. so lets see why: echo $connect->error; } Link to comment https://forums.phpfreaks.com/topic/165656-solved-select-and-prepared-statements/#findComment-873913 Share on other sites More sharing options...
JC99 Posted July 12, 2009 Author Share Posted July 12, 2009 ok, I have it working now. For anyone reading this post and needing help here is what I have... $link = mysqli_connect($hostname, $username, $password, $database); $stmt = mysqli_prepare($link, "SELECT * FROM administrators WHERE adminusers=?"); mysqli_stmt_bind_param($stmt, "s", $adminuser); $result = mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $count = mysqli_stmt_num_rows($stmt); KingPhillip: Thanks for commenting your code, but I am new to programming and PHP and have not yet learned OOP style :-) Link to comment https://forums.phpfreaks.com/topic/165656-solved-select-and-prepared-statements/#findComment-874118 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.