cybershit
Posted May 18, 2020

    .............
    else if(empty($password)){
        $errorMsg[]="please enter password";
    }
    else
    {
        try
        {
            $select_stmt=$db->prepare("SELECT * FROM tbl_user WHERE username=:uname OR email=:uemail");
            $select_stmt->execute(array(':uname'=>$username, ':uemail'=>$email));
            $row=$select_stmt->fetch(PDO::FETCH_ASSOC);

            if($select_stmt->rowCount() > 0)
            {
                if($username==$row["username"] OR $email==$row["email"])
                {
                    if(password_verify($password, $row["password"]))
                    {
                        $_SESSION["user_login"] = $row["user_id"];
                        //----------------
                        $pdo_statement=$db->prepare("update tbl_user set logins=7 where user_id=2");
                        $result = $pdo_statement->execute();
                        //----------------
                        $loginMsg = "Successfully Login...";
                        header("refresh:2; welcome.php");
                    }
                    else

Hey guys, I am starting to learn PHP during this crisis :-). I got stuck with this PDO style..... I'd like to count logins; I tried and figured out I can use the id... but my question is: how can I replace this "where user_id=2" to get the specific ID for the current user logging in? The count function I know how to make... first I want to know how to write the syntax of this PDO...... thank you :-)

Barand
Posted May 18, 2020

The same way that you did with the username and email in the first query.

cybershit
Posted May 18, 2020 (edited May 18, 2020 by cybershit)

lol I got it....

    $pdo_statement=$db->prepare("update tbl_user set logins=7 WHERE user_id = '".$_SESSION['user_login']['user_id']."';");

Thank you SIR 🙂 lol the syntax is sometimes a little crazy xDD

Barand
Posted May 18, 2020

1 ) That isn't how you did it in the first query.
2 ) It's wrong.
3 ) Never put variables into a query. That's why "prepare" is used.

cybershit
Posted May 18, 2020

Ah OK, good to know ^^ then wait, I have to read a little bit....

gizmola
Posted May 18, 2020

1 hour ago, cybershit said:
> update tbl_user set logins=7 WHERE user_id = '"

It is not complicated. Use a parameter:

    $pdo_statement=$db->prepare("update tbl_user set logins=7 where user_id=:userId");
    $result = $pdo_statement->execute(array(':userId' => $_SESSION['user_login']['user_id']));

Also, you do not ever need to have a ';' at the end of your SQL query. Using the API is not the same as being in the mysql command line client -- each statement is going to be sent for you.

cybershit
Posted May 18, 2020

No, you are right SIR, it's not very complicated, but the syntax is really crazy for a beginner ...... but I have one last question please...

    $login_counter = $row['logins'] +1;

    //------your code ----------
    $pdo_statement=$db->prepare("update tbl_user set logins=$login_counter where user_id=:userId");
    $result = $pdo_statement->execute(array(':userId' => $_SESSION['user_login']['user_id']));

    // ------my code ---------
    $sql = $db->prepare("UPDATE tbl_user SET logins=$login_counter WHERE user_id = '".$_SESSION['user_login']['user_id']."';");
    $sql->execute();

What is finally the difference in the point

> 3 ) Never put variables into a query. That's why "prepare" is used.

?

Phi11W
Posted May 19, 2020

17 hours ago, cybershit said:
> 3 ) Never put variables into a query. That's why "prepare" is used. ?

Obligatory XKCD reference: Little Bobby Tables

Regards,
Phill W.

Barand
Posted May 19, 2020

18 hours ago, cybershit said:
> what is finally the difference in the point

At the risk of stating the bleedin' obvious, the first set of code above uses a placeholder (:userId) and passes the user id value in the execute() call. This is the correct way to use prepare(). The second puts the user id value directly into the query string.

BTW, you stored the user id in $_SESSION['user_login'] and not in $_SESSION['user_login']['user_id'].
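
Added example, not part of the thread or any poster's code: the two prepare() styles compared above, run side by side against a constructed in-memory SQLite copy of tbl_user. The function names, the sample rows, the `logins = logins + 1` form of the counter and the unexpected input value are assumptions made for this illustration.

```php
<?php
// Constructed stand-in for the thread's tbl_user (in-memory SQLite instead of MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_user (user_id INTEGER PRIMARY KEY, username TEXT, logins INTEGER NOT NULL DEFAULT 0)");
$db->exec("INSERT INTO tbl_user (user_id, username) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Concatenated form: the value is pasted into the SQL text before the database parses it.
function countLoginConcatenated(PDO $db, $userId): int
{
    $stmt = $db->prepare("UPDATE tbl_user SET logins = logins + 1 WHERE user_id = '" . $userId . "'");
    $stmt->execute();
    return $stmt->rowCount();
}

// Placeholder form: the SQL text is fixed; the value is sent separately through execute().
function countLoginBound(PDO $db, $userId): int
{
    $stmt = $db->prepare("UPDATE tbl_user SET logins = logins + 1 WHERE user_id = :userId");
    $stmt->execute([':userId' => $userId]);
    return $stmt->rowCount();
}

$sessionId = 2;                // what $_SESSION["user_login"] holds after bob logs in
$unexpected = "x' OR '1'='1";  // constructed value that contains SQL syntax

$results = [
    'concatenated, session id'       => countLoginConcatenated($db, $sessionId),
    'bound, session id'              => countLoginBound($db, $sessionId),
    'concatenated, unexpected value' => countLoginConcatenated($db, $unexpected),
    'bound, unexpected value'        => countLoginBound($db, $unexpected),
];
foreach ($results as $case => $rows) {
    printf("%-32s %d row(s) updated\n", $case, $rows);
}

// Final counters per user show which rows each call really touched.
foreach ($db->query("SELECT username, logins FROM tbl_user ORDER BY user_id") as $row) {
    printf("%-6s logins=%d\n", $row['username'], $row['logins']);
}
```

With the plain session id both forms update the same single row. With the unexpected value the concatenated form updates every row, while the bound form matches none, because the whole string is compared to user_id as data.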