Trying improve my login code


Strider64

While the below works, I want to improve it by using bind parameters. I know the $query string should have WHERE username=? at the end of the string. What I am stuck on is the prepare statement (which should be the converted $query statement?) and the $stmt->bind_param('s'$user); portion of it.

        /* $user is interpolated directly into the SQL string */
        $query = "SELECT id, username, password, salt, email, confirmed FROM users WHERE username='$user'";

        $result = $this->database->query($query);

        /* fetch values */
        $row = $result->fetch_array(MYSQLI_ASSOC);

        $result->free();

        /* close connection */
        $this->database->close();

        // The above checks to see if the username is in the database.
        // The below checks the password.
        if($row)
        {

I'm slowly grasping PHP and mysqli, but trying to convert this has me stumped. I must be having a brain fart.

Any help would be greatly appreciated.

Thanks, John


Well, after thinking about this and doing some research on the web, I solved this myself (btw, going to the php.net documentation does help a lot). In case anyone runs into a similar problem, here's the solution:

    public function login_user( $user, $user_pwd, $login_ok)
    {
        /* start empty so a failed prepare() leaves $row falsy */
        $row = array();

        /* create a prepared statement */
        if ($stmt = $this->database->prepare("SELECT id, username, password, salt, email, confirmed FROM users WHERE username=?")) {

            /* bind parameters for markers */
            $stmt->bind_param("s", $user);

            /* execute query */
            $stmt->execute();

            /* bind result variables */
            $stmt->bind_result($row['id'], $row['username'], $row['password'], $row['salt'], $row['email'], $row['confirmed']);

            /* fetch value; bind_result() has already created the $row keys,
               so clear $row when no row matched, otherwise if($row) is always true */
            if (!$stmt->fetch()) {
                $row = null;
            }

            /* close statement */
            $stmt->close();
        }

        // The above checks to see if the username is in the database.
        // The below checks the password.
        if($row)
        {
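Added example, not part of the original posts: the string-built lookup from the first post next to the bound-parameter lookup from the second, run over constructed usernames. It shows the concatenated query failing on a name that contains an apostrophe and matching rows for a username that does not exist, while the bound query treats both values as plain data. Assumptions: PDO with in-memory SQLite stands in for mysqli/MySQL so it runs without a server, and the table, rows and function names are made up for the demonstration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for mysqli/MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO users (username, email) VALUES ('john', 'john@example.test')");
$db->exec("INSERT INTO users (username, email) VALUES ('O''Brien', 'ob@example.test')");

// "Before": the username is pasted into the SQL text, as in the first post.
function find_user_concat(PDO $db, string $user): string
{
    try {
        $rows = $db->query("SELECT id, username FROM users WHERE username='$user'")
                   ->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        // A quote inside $user can leave the statement syntactically broken.
        return "SQL error";
    }
}

// "After": the SQL text is fixed; the username is bound as data to the ? marker.
function find_user_bound(PDO $db, string $user): string
{
    $stmt = $db->prepare("SELECT id, username FROM users WHERE username=?");
    $stmt->execute([$user]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) . " row(s)";
}

// Constructed inputs: a plain name, a real name containing a quote,
// and a value whose quote changes the WHERE clause when concatenated.
$inputs = ["john", "O'Brien", "nobody' OR '1'='1"];
foreach ($inputs as $user) {
    printf("%-20s concat: %-10s bound: %s\n", $user,
        find_user_concat($db, $user), find_user_bound($db, $user));
}
```

With mysqli the same `?` marker is filled by `bind_param("s", $user)` before `execute()`, as in the post above.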
