Jump to content
cybershit

counting logins

Recommended Posts

	
.............

else if(empty($password)){
		$errorMsg[]="please enter password";
	}
	else
	{
		try
		{
			$select_stmt=$db->prepare("SELECT * FROM tbl_user WHERE username=:uname OR email=:uemail");
			$select_stmt->execute(array(':uname'=>$username, ':uemail'=>$email));
			$row=$select_stmt->fetch(PDO::FETCH_ASSOC);
			
			if($select_stmt->rowCount() > 0)
			{
				if($username==$row["username"] OR $email==$row["email"])
				{
					if(password_verify($password, $row["password"]))
					{
						$_SESSION["user_login"] = $row["user_id"];
					
						//----------------
                        $pdo_statement=$db->prepare("update tbl_user set logins=7 where user_id=2");
        	            $result = $pdo_statement->execute();
						//----------------

						$loginMsg = "Successfully Login...";
						header("refresh:2; welcome.php");

					}
					else

hey guys iam starting to learn during this crysis php :-). I got stucked with this pdo style..... i like to count logins, i tryed and figured out i can use the id... but my  question is how  can replace this "where user_id=2" to get the specific ID for the current user login in? the count function i i know how to make the... first i want to know how to write the syntax  of this pdo......

thank you :-)

Share this post


Link to post
Share on other sites

The same way that you did with the username and email in the first query.

Share this post


Link to post
Share on other sites
Posted (edited)

lol i got it....

$pdo_statement=$db->prepare("update tbl_user set logins=7  WHERE user_id = '".$_SESSION['user_login']['user_id']."';");

thank you SIR 🙂

 

lol the syntax is sometimes little crazy xDD

Edited by cybershit

Share this post


Link to post
Share on other sites

1 ) That isn't how you did it in the first query.

2 ) It's wrong.

3 ) Never put variables into a query. That's why "prepare" is used.

Share this post


Link to post
Share on other sites
1 hour ago, cybershit said:

update tbl_user set logins=7 WHERE user_id = '"

It is not complicated.  Use  a parameter:

$pdo_statement=$db->prepare("update tbl_user set logins=7 where user_id=:userId");
$result = $pdo_statement->execute(array(':userId' => $_SESSION['user_login']['user_id']));

Also, you do not ever need to have a ';' at the end of your SQL query.  Using the API is not the same as being in the mysql command line client -- each statement is going to be sent for you.  

Share this post


Link to post
Share on other sites

no you are right SIR  its not very complicated but the syntax is really crazy for beginner ......

 but i have one last question please...

$login_counter = $row['logins'] +1;

//------your code ----------
			
$pdo_statement=$db->prepare("update tbl_user set logins=$login_counter where user_id=:userId");
$result = $pdo_statement->execute(array(':userId' => $_SESSION['user_login']['user_id']));
         
// ------my code  ---------

$sql = $db->prepare("UPDATE tbl_user SET logins=$login_counter WHERE user_id = '".$_SESSION['user_login']['user_id']."';");
$sql->execute();

what is finally the difference in the point

3 ) Never put variables into a query. That's why "prepare" is used.

?

Share this post


Link to post
Share on other sites
17 hours ago, cybershit said:

3 ) Never put variables into a query. That's why "prepare" is used.

?

Obligatory XKCD reference: Little Bobby Tables

Regards, 
   Phill  W.

Share this post


Link to post
Share on other sites
18 hours ago, cybershit said:

what is finally the difference in the point

image.png.109e4480fe6d842a76d638894bf414c7.png

At the risk of stating the bleedin' obvious,

  • the first set of code above uses a placeholder (:userId) and passes the user id value in the execute() call. This is the correct way to use prepare().
  • The second puts the user id value directly into the query string.

BTW, you stored the user id in $_SESSION[''user_login'] and not in $_SESSION['user_login']['user_id'].

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.