My_Sqli Error


vikram12345

<?php


// $goto = $_GET['goto'] ;
session_start() ;
$useremail = $_POST['emailfield'] ;
$passwording = $_POST['pwfield'] ;




$salt = "@cmiplpnp##" ;
$iterations = 4;
$hash = crypt($passwording,$salt);
for ($i = 0; $i < $iterations; ++$i)
{
   $hash = crypt($hash . $passwording,$salt);
}

echo $passwording ;
echo '<br>' ;
echo $hash ;
echo '<br>' ;
require ('sqliauth2.php') ;
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ;
{

   /* bind parameters for markers */
   $stmt->bind_param("ss",$email, $hash);

   /* execute query */
   $stmt->execute();



   /* bind result variables */
   $stmt->bind_result($email,$hash);
   $stmt->fetch();
   $row_cnt = $result->num_rows ;
   /* close statement */
   $stmt->close();
}

/* close connection */
$mysqli->close();

echo $row_cnt ;

?>

ERRORS ::::

Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 39

Notice: Undefined variable: result in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41

Notice: Trying to get property of non-object in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41

Trying to understand why, but no clue :(

HELP !!!

https://forums.phpfreaks.com/topic/270972-my_sqli-error/

That post from annarocco39 is just spam.

Your error msgs:

1st one:

$stmt->bind_param("ss",$email, $hash);

You are sending 3 parameters to the query string when you have only put 2 ? holders in place in the query string.

2nd and 3rd both relate to

$row_cnt = $result->num_rows

You have not defined $result as anything previous to this line. You have to define a variable before you can use it on the right hand side of an assignment.

As the parser does not know what $result is, it can't access the object properties you think it should have.

https://forums.phpfreaks.com/topic/270972-my_sqli-error/#findComment-1394034

I solved the result issue.

Now I'm getting this:

Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 39

My current code:

// $goto = $_GET['goto'] ;
session_start() ;
$useremail = $_POST['emailfield'] ;
$passwording = $_POST['pwfield'] ;

$salt = "@cmiplpnp##" ;
$iterations = 4;
$hash = crypt($passwording,$salt);
for ($i = 0; $i < $iterations; ++$i)
{
   $hash = crypt($hash . $passwording,$salt);
}

echo $passwording ;
echo '<br>' ;
echo $hash ;
echo '<br>' ;
require ('sqliauth2.php') ;
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ;
{


   /* bind parameters for markers */
   $stmt->bind_param("ss",$email, $hash);


   /* execute query */
   $stmt->execute();




   /* bind result variables */
   $stmt->bind_result($email,$hash);
   $stmt->fetch();

   $row_cnt = $stmt->num_rows ;
   /* close statement */
   $stmt->close();
}


/* close connection */
$mysqli->close();


echo $row_cnt ;


?>

https://forums.phpfreaks.com/topic/270972-my_sqli-error/#findComment-1394036

SELECT * FROM 

You have only two fields in that table? If not, then this won't work:

$stmt->bind_result($email,$hash);

Always define the fields you want to retrieve from the database, and avoid using the "*" (all) selector. Not only for performance issues, but also because you'll avoid situations like these.

https://forums.phpfreaks.com/topic/270972-my_sqli-error/#findComment-1394038

Really sorry for bugging you guys, but what can I replace it with?

Any other changes required in the code?

https://forums.phpfreaks.com/topic/270972-my_sqli-error/#findComment-1394039

You replace * with the column names that you actually want to retrieve. Have a look at this example:

$sql = "SELECT firstName, lastName, idNumber FROM users where email = ? and pass = ?";
$stmt = $mysqli->prepare($sql);
// "ss" declares both placeholders as strings
$stmt->bind_param("ss", $email, $hash);
$stmt->execute();
// one variable per selected column, in SELECT order
$stmt->bind_result($firstName, $lastName, $idNumber);
$stmt->fetch();
echo " welcome $firstName $lastName, your ID Number is $idNumber";

You see how the results get bound to the variables in the same order they are selected in? If you select the whole table, then you will need to bind every result.

https://forums.phpfreaks.com/topic/270972-my_sqli-error/#findComment-1394044
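
The fixes raised in this thread applied to the original login lookup, as an added example that is not part of any post above. It assumes `$mysqli` is the open connection the thread loads from `sqliauth2.php`; the helper name `check_login` and the result variable names are hypothetical.

```php
<?php
// Added example (not from the thread). check_login() is a hypothetical helper.
// $mysqli: open mysqli connection; $hash: computed as in the original post.

/**
 * Returns the number of userregistry rows matching the given credentials.
 */
function check_login(mysqli $mysqli, string $useremail, string $hash): int
{
    // Name the columns instead of SELECT *: bind_result() needs exactly
    // one variable per selected column.
    $sql = "SELECT email, password11 FROM userregistry "
         . "WHERE email = ? AND password11 = ?";

    // The original wrote `if (...) ;`, and that stray semicolon ended the if,
    // so the block ran even when prepare() had failed. Check explicitly.
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }

    // Bind the variable that actually holds the POST value. The original
    // bound $email, which was never assigned (the input was in $useremail).
    $stmt->bind_param("ss", $useremail, $hash);
    $stmt->execute();

    // num_rows on a statement is only populated after store_result().
    $stmt->store_result();
    $row_cnt = $stmt->num_rows;

    // Two selected columns, two result variables, in SELECT order.
    $stmt->bind_result($dbEmail, $dbHash);
    $stmt->fetch();

    $stmt->close();
    return $row_cnt;
}
```

The function returns only the row count; the original script's `echo` of the submitted password and its hash is debugging output and is left out here.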