Jump to content

My_Sqli Error


vikram12345

Recommended Posts


<?php


// $goto = $_GET['goto'] ;
session_start() ;
$useremail = $_POST['emailfield'] ;
$passwording = $_POST['pwfield'] ;




$salt = "@cmiplpnp##" ;
$iterations = 4;
$hash = crypt($passwording,$salt);
for ($i = 0; $i < $iterations; ++$i)
{
   $hash = crypt($hash . $passwording,$salt);
}

echo $passwording ;
echo '<br>' ;
echo $hash ;
echo '<br>' ;
require ('sqliauth2.php') ;
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ;
{

   /* bind parameters for markers */
   $stmt->bind_param("ss",$email, $hash);

   /* execute query */
   $stmt->execute();



   /* bind result variables */
   $stmt->bind_result($email,$hash);
   $stmt->fetch();
   $row_cnt = $result->num_rows ;
   /* close statement */
   $stmt->close();
}

/* close connection */
$mysqli->close();

echo $row_cnt ;

?>

 

ERRORS ::::

 

Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.phpon line 39

 

Notice: Undefined variable: result in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41

 

Notice: Trying to get property of non-object in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41

 

 

Trying to understand why, but no clue :(

HELP !!!

Edited by vikram12345
Link to comment
Share on other sites

That post from annarocco39 is just spam.

 

Your error msgs :

1st one :

$stmt->bind_param("ss",$email, $hash);

You are sending 3 paramaters to the query sting when you have only put 2 ? holders in place in the query string.

 

2nd and 3rd both relate to

$row_cnt = $result->num_rows

You have not defined $result as anything previous to this line. You have to define a variable before you can use it on the tight hand side of an assignment.

As the parser does not know what $result is, it can't access the object properties you think it should have.

Link to comment
Share on other sites

That post from annarocco39 is just spam.

 

Your error msgs :

1st one :

$stmt->bind_param("ss",$email, $hash);

You are sending 3 paramaters to the query sting when you have only put 2 ? holders in place in the query string.

 

2nd and 3rd both relate to

$row_cnt = $result->num_rows

You have not defined $result as anything previous to this line. You have to define a variable before you can use it on the tight hand side of an assignment.

As the parser does not know what $result is, it can't access the object properties you think it should have.

 

 

I solved the result issue .

 

Now i'm gettin this

 

Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.phpon line 39

 

my current code :

 

// $goto = $_GET['goto'] ;
session_start() ;
$useremail = $_POST['emailfield'] ;
$passwording = $_POST['pwfield'] ;

$salt = "@cmiplpnp##" ;
$iterations = 4;
$hash = crypt($passwording,$salt);
for ($i = 0; $i < $iterations; ++$i)
{
   $hash = crypt($hash . $passwording,$salt);
}

echo $passwording ;
echo '<br>' ;
echo $hash ;
echo '<br>' ;
require ('sqliauth2.php') ;
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ;
{


   /* bind parameters for markers */
   $stmt->bind_param("ss",$email, $hash);


   /* execute query */
   $stmt->execute();




   /* bind result variables */
   $stmt->bind_result($email,$hash);
   $stmt->fetch();

   $row_cnt = $stmt->num_rows ;
   /* close statement */
   $stmt->close();
}


/* close connection */
$mysqli->close();


echo $row_cnt ;


?>

Link to comment
Share on other sites

SELECT * FROM 

You have only two fields in that table? If not, then this won't work:

$stmt->bind_result($email,$hash);

 

Always define the fields you want to retrieve from the database, and avoid using the "*" (all) selector. Not only for performance issues, but also because you'll avoid situations like these.

Edited by Christian F.
Link to comment
Share on other sites

SELECT * FROM 

You have only two fields in that table? If not, then this won't work:

$stmt->bind_result($email,$hash);

 

Always define the fields you want to retrieve from the database, and avoid using the "*" (all) selector. Not only for performance issues, but also because you'll avoid situations like these.

 

really sorry for buggin you guys, but what can I replace it with ?

any other changes required in the code ??

Link to comment
Share on other sites

you raplace * with the column names that you actualy want to retrieve. have a look at this example:

$sql = "SELECT firstName, lastName, idNumber FROM users where email = ? and pass = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param($email, $hash);
$stmt->bind_results($firstName, $lastName, $idNumber);
echo " welcome $firstName $lastName, your ID Number is $idNumber";

you see how the results get bound to the variables in the same order they are selected in? if you select the whole table, then you will need to bind every result.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.