Jump to content

ready code for login page Prepared Statements + AES encryption

phpretarded

By phpretarded
in PHP Coding Help

 Share

Recommended Posts

phpretarded Newbie

phpretarded

Posted
Posted

Hello

 

This code is not printing out any results I cant see where the bug is. Everything is well commented for easy reading  :facewall:

 


//  1. Create Mysqli object

$db = new mysqli('localhost', 'root', '', 'developers');

// 2. Writing the query select statement

$q  = "SELECT company FROM accesoweb WHERE username = AES_DECRYPT(?, 'salt')";

// 3. Prepare the statement in MySQL assigning the results to a PHP variable 

$stmt = mysqli_prepare($db, $q); // At this point MySQL has parsed the query, but, of course, it has not executed it

//4. BINDING THE PARAMETERS

mysqli_stmt_bind_param($stmt, 's', $username);

// 5. EXECUTING THE STATEMENT

mysqli_execute($stmt);    

//6. FETCHING THE VALUES

    while( $stmt->fetch() )
    {
        printf("%s\n", $company);   // Nothing is printed out
    }
     

jcbones Newbie

jcbones

Posted
Posted

2 things.

It is mysqli_stmt_execute, and you need to bind the results.

 

// 5. EXECUTING THE STATEMENT

mysqli_stmt_execute($stmt);  
//Bind the result.
mysqli_stmt_bind_result($stmt,$company);

 

OR, just keep it all in OOP.

//4. BINDING THE PARAMETERS

$stmt->bind_param('s', $username);


// 5. EXECUTING THE STATEMENT

$stmt->execute();    

//Bind Result;

$stmt->bind_result($company);

 

 

phpretarded Newbie

phpretarded

Posted
  • Author
Posted

 

Thank you for the reply. I still am not getting it working, but as I see, the reason is that I had mixed code procedural and OOP.

 

Updated: forgot to include the binding of the param. I have added it now

 


/ 1. Create a new server connection
$mysqli = new mysqli('localhost', 'root', '', 'developers');


// 2. Create a query

$query = "SELECT company FROM accesoweb WHERE username = AES_DECRYPT(?, 'salt')";

// 3. Create a statement object

$stmt = $mysqli->stmt_init();


$stmt->bind_param('s', $username);    


// 4. Prepare the statement for execution

$stmt->prepare($query);


// 5. Execute the statement

$stmt->execute();

// 6. Bind the results parameters


$stmt->bind_result($company);


// 7. Cyle through the results and output the data


while($stmt->fetch())

printf("%s", $company);

// 8. Recuperate the statement resources

$stmt->close();
       

phpretarded Newbie

phpretarded

Posted
  • Author
Posted

Another version that should work, but it doesn't

 

// 1. Creating a new server connection

 

$db = new mysqli('localhost', 'root', '', 'developers');

 

// 2. Creating statement object

$stmt = $db->stmt_init();

 

// 3. Creating a prepared statement

if($stmt->prepare("SELECT company FROM developers WHERE username = AES_DECRYPT(?, 'whatever')")) {

 

//4.  Binding the variable to replace the ?

    $stmt->bind_param('s', $username);

 

//5.  Executing query

    $stmt->execute();

   

   

// 6.  Binding the result columns to variables

    $stmt->bind_result($company);

   

   

// 7. Fetching the result of the query

    while($stmt->fetch()) {

        echo $company; // John Doe - Unknown...

    }

 

// 8. Closing the statement object

  $stmt->close();

}

   

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.