jodunno Posted March 20, 2019 Share Posted March 20, 2019 Dear forum members, i am new to php, pdo and mysql. I have created a working login script/database. I read alot of material about this subject. Yes, i use hashed passwords and htmlentities() for display. Anyway, i am trying to implement a stored procedure for my login script. I cannot find good enough material about this subject as it should pertain to a login. here is what i have: $dbh = new PDO(etc etc); $query = 'SELECT id, username, password FROM user_accounts WHERE username = :inputUsername'; $stmt = $dbh->prepare($query); $stmt->execute(array(':inputUsername' => $username)); $results = $stmt->fetch(); then i assign variables to the fetched data. i compare username and password, if accepted, set session variable for login. i want to convert this to a stored procedure. I understand to type the following data but i don't see how it returns the data with a fetch. DELIMITER $$ CREATE PROCEDURE validateUser() BEGIN SELECT id, username, password FROM user_accounts WHERE username = // what do i put here to pass a variable? // ; END $$ DELIMITER ; Will someone please offer a clue? i don't know how to make this work. I just want to return the id, username and password for validation based upon whether or not a username exists. Thank you. Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/ Share on other sites More sharing options...
Barand Posted March 20, 2019 Share Posted March 20, 2019 try DELIMITER $$ CREATE PROCEDURE `validateUser`(user varchar(30)) BEGIN SELECT id, username, password FROM user_account WHERE username = user; END$$ DELIMITER ; then $user = $_POST['username']; $pwd = $_POST['password']; $res = $db->query("CALL validateUser('$user')"); $user_data = $res->fetch(); if (password_verify($pwd, $user_data['password']) { // password and user OK } Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565401 Share on other sites More sharing options...
jodunno Posted March 20, 2019 Author Share Posted March 20, 2019 Hello Barand, Thank you for replying. I've tried to enter the procedure that you've posted and i am getting an error 1064 (4200) SQL syntax error. I do not know why i cannot get a procedure to work. I am using xampp with mysql MariaDB if it helps. My terminal shows MariaDB> Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565405 Share on other sites More sharing options...
Barand Posted March 20, 2019 Share Posted March 20, 2019 What is the whole error message? Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565406 Share on other sites More sharing options...
jodunno Posted March 20, 2019 Author Share Posted March 20, 2019 The error is always near the SELECT statement at line 1 Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565410 Share on other sites More sharing options...
jodunno Posted March 20, 2019 Author Share Posted March 20, 2019 ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''validateUser'(user_name varchar(127)) BEGIN SELECT id, username, password F' at line 1 I've tried many different methods and they all fail at the SELECT or FROM statements. Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565412 Share on other sites More sharing options...
Barand Posted March 20, 2019 Share Posted March 20, 2019 Do you already have a "validateUser" procedure? If so, try DROP procedure IF EXISTS `validateUser`; DELIMITER $$ CREATE PROCEDURE `validateUser`(user varchar(30)) BEGIN SELECT id, username, password FROM user_account WHERE username = user; END$$ DELIMITER ; Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565416 Share on other sites More sharing options...
jodunno Posted March 20, 2019 Author Share Posted March 20, 2019 (edited) no, i've allready ran a drop just to be sure. HOWEVER, i got mysql to accept the procedure. Now it shows a query ok. Here is what i've typed: DELIMITER // CREATE PROCEDURE validateUser(IN user_name varchar(127)) BEGIN SELECT id, username, password FROM user_accounts WHERE username = user_name; END // DELIMITER ; i saw someone used IN with the procedure. is this correct? but i also removed the single quotes surrounding validateUser. Perhaps i should delete the procedure and try it again without IN because i cannot login to my app now. I will tinker with this to see if i can pinpoint a problem. Edited March 20, 2019 by jodunno Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565419 Share on other sites More sharing options...
Barand Posted March 20, 2019 Share Posted March 20, 2019 The single quotes were actually backticks, but as validateUser isn't a reserved SQL keyword they are optional. Also the IN appears to be optional with MySql but I cannot vouch for MariaDB Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565422 Share on other sites More sharing options...
jodunno Posted March 20, 2019 Author Share Posted March 20, 2019 well the query is ok so i will just ti nker with the pdo to get the login working. I thank you for your help, Barand. You are very kind to spend your valuable time helping me. At least i got the procedure to be accepted because of your efforts. Thank you again. Quote Link to comment https://forums.phpfreaks.com/topic/308488-stored-procedure-for-php-pdo-login/#findComment-1565424 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.