
Trying improve my login code



While the below works, I want to improve it by using bind parameters. I know the $query string should have WHERE username=? at the end of the string. What I am stuck on is the prepare statement (Which should be the converted $query statement?) and the $stmt->bind_param('s'$user); portion of it.

        $query = "SELECT id, username, password, salt, email, confirmed FROM users WHERE username='$user'";

        $result = $this->database->query($query);

        /* fetch values */
        $row = $result->fetch_array(MYSQLI_ASSOC);

        $result->free();

        /* close connection */
        $this->database->close();

        // The above checks to see if the username is in the database.
        // The below checks the password.
        if($row)
        {

I'm slowly grasping php and mysqli, but trying to convert this has me stumped. I must be having a brain fart.

Any help would be greatly appreciated.


Thanks John

Edited by Strider64

  • Solution

Well, after thinking about this and doing some research on the web, I solved this myself (btw, going to the php.net documentation does help a lot). In case anyone runs into a similar problem, here's the solution:

    public function login_user( $user, $user_pwd, $login_ok)
    {
        $row = array();
        $found = false;

        /* create a prepared statement */
        if ($stmt = $this->database->prepare("SELECT id, username, password, salt, email, confirmed FROM users WHERE username=?")) {

            /* bind parameters for markers */
            $stmt->bind_param("s", $user);

            /* execute query */
            $stmt->execute();

            /* bind result variables */
            $stmt->bind_result($row['id'], $row['username'], $row['password'], $row['salt'], $row['email'], $row['confirmed']);

            /* fetch value; fetch() returns true only when a row was found */
            $found = ($stmt->fetch() === true);

            /* close statement */
            $stmt->close();
        }

        // The above checks to see if the username is in the database.
        // bind_result() creates the $row keys (as null) even when nothing
        // matches, so test $found rather than $row.
        // The below checks the password.
        if($found)
        {
Edited by Strider64
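
As an added example that is not part of the original posts: the same lookup written with `get_result()`, which hands back a `mysqli_result` so that `$row` is an array on a match and `null` otherwise, as it was with `fetch_array()` in the first post. The helper name `find_user_row`, the connection details and the sample usernames are assumptions made for illustration; `get_result()` requires the mysqlnd driver.

```php
<?php
// Added example, not code from the thread. Table and column names are taken
// from the posts; the connection details below are placeholders (assumptions).

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Look up one user by name. Returns the row as an associative array,
 * or null when no such user exists, so `if ($row)` works as a found-check.
 * Hypothetical helper name; requires the mysqlnd driver for get_result().
 */
function find_user_row(mysqli $db, string $user): ?array
{
    $stmt = $db->prepare(
        "SELECT id, username, password, salt, email, confirmed
           FROM users WHERE username = ?"
    );
    $stmt->bind_param("s", $user);   // "s": $user is sent as string data, never as SQL
    $stmt->execute();

    $result = $stmt->get_result();   // mysqli_result, like query() returned before
    $row = $result->fetch_assoc();   // array for a match, null for no match
    $result->free();
    $stmt->close();

    return $row ?: null;
}

// Placeholder credentials: replace with your own.
$db = new mysqli("localhost", "db_user", "db_password", "db_name");
$db->set_charset("utf8mb4");

// Constructed sample names. The apostrophe would break the concatenated
// query from the first post; as a bound parameter it is just a character.
foreach (array("John", "O'Brien", "no_such_user") as $name) {
    $row = find_user_row($db, $name);
    if ($row) {
        echo "$name: found, id={$row['id']}, confirmed={$row['confirmed']}\n";
    } else {
        echo "$name: not found\n";
    }
}
$db->close();
```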