
Can't log in using PDO


subhomoy


Hello everyone,

 

I am creating a login script using PDO. The problem I'm facing is that in spite of giving the right login details, it shows "wrong username / password."

 

The PDO code is shown below:

function login_members($uname, $pwd, $type)
{
    $q = $this->connect()->prepare("SELECT * FROM members WHERE username='?' AND password='?' AND type='?' LIMIT 1");
    $q->bindParam(1, $username, PDO::PARAM_STR);
    $q->bindParam(2, $pwd, PDO::PARAM_STR);
    $q->bindParam(3, $type, PDO::PARAM_STR);

    if ($q->execute())
    {
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if (($row['username'] === $uname) && ($row['password'] === $pwd))
        {
            return TRUE;
        }
        else
        {
            return FALSE;
        }
    }
    else
    {
        return FALSE;
    }
}

In the main page:

if ($pdo->login_members($uname, $pwd, $type))
{
    echo "<div class='correct_message' style='display:block'>You have been successfully logged in...</div>";
}
else
{
    echo "<div class='error_message' style='display:block'>wrong username / password</div>";
}

Any help will be greatly appreciated.

 

 


You mustn't enclose the parameters in quotes. In the query above, there are actually no parameters at all. You're literally asking for the user whose name, password and type is a question mark.

 

There are two other things:

  • Why do you again check the username and password after you've retrieved the row? You know the values already, because you've selected the row based on the username and password.
  • You really cannot store passwords as plaintext, even if this is just a school project, a hobby site or whatever.

That line:

$q = $this->connect()->prepare("SELECT * FROM members WHERE username='?' AND password='?' AND type='?' LIMIT 1");

Should be

$q = $this->connect()->prepare("SELECT * FROM members WHERE username=? AND password=? AND type=? LIMIT 1");

You are calling the bind parameter like this:

$q->bindParam(1, $username,PDO::PARAM_STR);

And you are telling PDO that your parameter is a string (PARAM_STR). The bindParam function is intelligent enough to know that it should add quotes around the value. For example, if it was a number, it won't add quotes in the query.

 

 

To check if the row exists, can't you use something like this?

$rows = $result->fetchAll(PDO::FETCH_NUM);
if (count($rows) == 1) {
    // one row was returned, the credentials are OK
} else {
    // credentials not ok (or 2 or more rows with the same credentials, which would be weird)
}
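Putting the two replies above together, here is an added, runnable example that is not from the original thread or either poster. It shows the unquoted `?` placeholders, a lookup by username and type only, password hashing with password_hash()/password_verify() instead of plaintext, and, for comparison, what the original quoted-'?' query actually matches. It assumes PHP with the pdo_sqlite extension; the in-memory "members" table, the sample account, and the helper names openDemoDb(), register_member() and login_with_quoted_placeholders() are all constructed for this demo, and login_members() here takes the PDO handle as a parameter instead of calling $this->connect().

```php
<?php
// Added example (not from the original thread). Assumptions: PHP with the
// pdo_sqlite extension; the "members" table and its sample row are constructed
// for this demo; helper names other than login_members() are made up here.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL,   -- holds a password_hash() result, never plaintext
        type TEXT NOT NULL
    )');
    return $db;
}

// Registration: hash before storing. password_hash() picks a random salt itself.
function register_member(PDO $db, string $uname, string $pwd, string $type): void
{
    $q = $db->prepare('INSERT INTO members (username, password, type) VALUES (?, ?, ?)');
    $q->execute([$uname, password_hash($pwd, PASSWORD_DEFAULT), $type]);
}

// Login: the placeholders are bare "?" (no quotes), the row is selected by
// username and type only, and the submitted password is checked against the
// stored hash in PHP. A missing row and a wrong password both return false,
// so there is no need to compare username/password again after the fetch.
function login_members(PDO $db, string $uname, string $pwd, string $type): bool
{
    $q = $db->prepare('SELECT password FROM members WHERE username = ? AND type = ? LIMIT 1');
    $q->execute([$uname, $type]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;            // no such user: nothing to compare
    }
    return password_verify($pwd, $row['password']);
}

// The original query for comparison: with '?' inside quotes there are no
// placeholders at all, so SQLite compares each column to the literal string "?".
function login_with_quoted_placeholders(PDO $db, string $uname, string $pwd, string $type): bool
{
    $q = $db->prepare("SELECT * FROM members WHERE username='?' AND password='?' AND type='?' LIMIT 1");
    $q->execute();               // zero parameters exist, so nothing is bound
    return $q->fetch(PDO::FETCH_ASSOC) !== false;
}

$db = openDemoDb();
register_member($db, 'alice', 'correct horse battery staple', 'admin');

// Right credentials, wrong password, wrong type:
var_dump(login_members($db, 'alice', 'correct horse battery staple', 'admin'));
var_dump(login_members($db, 'alice', 'wrong password', 'admin'));
var_dump(login_members($db, 'alice', 'correct horse battery staple', 'user'));

// Injection-style input is bound as a literal username, not spliced into the SQL:
var_dump(login_members($db, "' OR '1'='1", 'x', 'admin'));

// The quoted-'?' version never finds a real account, even with the right details:
var_dump(login_with_quoted_placeholders($db, 'alice', 'correct horse battery staple', 'admin'));
```

Save it as a .php file and run it with the php CLI; only the first var_dump() reports true. The password cannot be compared inside the WHERE clause once it is hashed, which is why the query selects by username and type and leaves the password check to password_verify(). The last function reproduces the thread's bug: the '?' characters are part of string literals, PDO sees no parameters, and the statement looks for a member whose name, password and type are all literally "?".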
