AND breaking mysqli prepared statement

[ricmetal]

hi everyone

im having a bit of a pickle with a prepared mysqli statement

the AND is breaking my code

if($stmt = $mysqli->prepare("SELECT id,user_email,user_activated FROM users WHERE user_email = ? AND user_pwd = ?")) {
$stmt->bind_param('ss', $emailSend, $md5pass);
$stmt->execute();
$stmt->bind_result($rtv_id, $rtv_email, $rtv_activated);
$stmt->fetch();
$userId = $rtv_id;
$userEmail = $rtv_email;
$userActive = $rtv_activated;
echo $userId;

if i remove the AND, and the rest of the attached code to the second variable (user_pwd) the whole code works. the userId is echoed correctly, else it just fetches the default 0 value of the column when i use the AND. echoing the userEmail for instance, also seems to bring out the default value when using AND because it returns nothing, which is in fact the default value for the column. without the AND is echoes the correct email.

 

i've searched for tutorials on prepared statements with the AND but only found one or two, and they both use the AND how i think i am using it.

 

the mysqli column user_pwd exists, and both bind_param vars exist in the code ($emailSend and $md5pass)

 

any idea why the AND is breaking?

 

the problem should be simple, its seems that its just the way the AND is being used but like i said, the few tuts i found online are setup the same way that i've set up mine.

 

thanks

[PFMaBiSmAd]

it just fetches the default 0 value of the column

There is no such thing. You either match row(s) or you don't. If you match a row(s), you get the data values that are stored in those row(s). If you don't match any rows, you get no data at all.

 

It is most likely that your user_pwd column is not large enough to hold a md5 value. Have you looked directly in your database table to make sure that there is a row(s) that exactly matches the values that are in $emailSend and $md5pass?

[ricmetal]

your were right my password column wasn't large enough to hold an md5 string.

thanks