Strider64 Posted April 9, 2013 Share Posted April 9, 2013 (edited) While the below works, I want to improve it by using bind parameters. I know the $query string should have WHERE username=? at the end of the string. What I am stuck on is the prepare statement (Which should be the converted $query statement?) and the $stmt->bind_param('s', $user); portion of it. $query = "SELECT id, username, password, salt, email, confirmed FROM users WHERE username='$user'"; $result = $this->database->query($query); /* fetch values */ $row = $result->fetch_array(MYSQLI_ASSOC); $result->free(); /* close connection */ $this->database->close(); // The Above checks to see if the username is in the databese // The Belows checks the password. if($row) { I'm slowly grasping php and mysqli, but trying to convert this has me stumped. I must be having a brain fart. Any help would be greatly appreciated. Thanks John Edited April 9, 2013 by Strider64 Quote Link to comment https://forums.phpfreaks.com/topic/276738-trying-improve-my-login-code/ Share on other sites More sharing options...
mac_gyver Posted April 9, 2013 Share Posted April 9, 2013 there are excellent examples in the mysqli section of the php.net documentation. Quote Link to comment https://forums.phpfreaks.com/topic/276738-trying-improve-my-login-code/#findComment-1423764 Share on other sites More sharing options...
Solution Strider64 Posted April 9, 2013 Author Solution Share Posted April 9, 2013 (edited) Well, after thinking about this and doing some research on the web I solved this myself (btw going to php.net documentation does help a lot), in case anyone runs into a similar problem here's the solution: public function login_user( $user, $user_pwd, $login_ok) { /* create a prepared statement */ if ($stmt = $this->database->prepare("SELECT id, username, password, salt, email, confirmed FROM users WHERE username=?")) { /* bind parameters for markers */ $stmt->bind_param("s", $user); /* execute query */ $stmt->execute(); /* bind result variables */ $stmt->bind_result($row['id'], $row['username'], $row['password'], $row['salt'], $row['email'], $row['confirmed']); /* fetch value */ $stmt->fetch(); /* close statement */ $stmt->close(); } // The Above checks to see if the username is in the databese // The Belows checks the password. if($row) { Edited April 9, 2013 by Strider64 Quote Link to comment https://forums.phpfreaks.com/topic/276738-trying-improve-my-login-code/#findComment-1423788 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.