gizmola Posted March 6, 2023 Share Posted March 6, 2023 Is this a new problem? I'm not sure what you are trying to debug here. You didn't use password_hash() to make the encrypted password so you don't need to use password_verify() to check it. You stated that you used md5() to encrypt the passwords. I'm not going to go into why md5 (especially without a salt) is not recommended, because that decision was made by someone in the past, and it is what it is. Your query is already checking for a name AND password match. Perhaps that was what you had previously (or something similar). I'm not sure why you thought that needed to be changed for php7. Even if there are things that weren't recommended security practices, you can't "upgrade" a security scheme by changing a few functions. In your case, all you need do is something like: function LogMeX2($name, $pwd1) { $sql = "SELECT User, UserKey FROM LIBusersX WHERE UserKey = '" . md5($pwd1) . "' AND UserN = '" . md5($name) . "'"; $pdo = connectDB(); $stmt = $pdo->prepare($sql); $stmt->execute(); if(!$row = $stmt->fetch()) { return false; } // username and password matched, return user id return $row['User']; } Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606285 Share on other sites More sharing options...
gizmola Posted March 6, 2023 Share Posted March 6, 2023 In regards to prior code, while you should in general never interpolate variables directly into a sql statement and use prepared statements, in this case it doesn't matter because you are running md5 on both parameters, and it doesn't matter if someone tries to sql inject data, as the md5 function will convert the input and output an md5 string. This is one of very few cases where it doesn't matter what the input is. I'm not sure other than for testing why you are selecting the userkey. It's fine to have it in the criteria, but you wouldn't want or need that value to be returned in the result set. Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606286 Share on other sites More sharing options...
Paul-D Posted March 7, 2023 Author Share Posted March 7, 2023 The major problems with PDO there are no books on the subject just web pages with fragments of code. Back in the days of mySql there were and still are books you can buy. Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606302 Share on other sites More sharing options...
Paul-D Posted March 7, 2023 Author Share Posted March 7, 2023 (edited) What is needed is function prototypes complete with explanations. Prepare() and Execute() ??? Edited March 7, 2023 by Paul-D Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606304 Share on other sites More sharing options...
Strider64 Posted March 7, 2023 Share Posted March 7, 2023 3 hours ago, Paul-D said: The major problems with PDO there are no books on the subject just web pages with fragments of code. Back in the days of mySql there were and still are books you can buy. There are plenty of good online help on PDO - https://phpdelusions.net/pdo Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606305 Share on other sites More sharing options...
mac_gyver Posted March 7, 2023 Share Posted March 7, 2023 3 hours ago, Paul-D said: What is needed is function prototypes complete with explanations. that would be exactly the information found in the php documentation - https://www.php.net/manual/en/book.pdo.php specifically for Prepare() and Execute() - https://www.php.net/manual/en/pdo.prepare.php and https://www.php.net/manual/en/pdostatement.execute.php Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606306 Share on other sites More sharing options...
gizmola Posted March 10, 2023 Share Posted March 10, 2023 On 3/7/2023 at 12:33 AM, Paul-D said: The major problems with PDO there are no books on the subject just web pages with fragments of code. Back in the days of mySql there were and still are books you can buy. Paul-D my friend, this is the way of the world. Many books are now published online, sometimes under a creative commons license. In today's world you have ereaders and kindle etc. I used to buy scores of technical books -- have an entire library of em, but they are mostly obsolete now. I'm sure you would agree that many books have a few really important chapters and then a lot of stuff that's not important. The phpdelusions site pretty much covers everything you need. The other thing about PDO is that it's akin to ODBC, and that makes it different than a server specific api. Unlike ODBC, it in general is very usable and performant regardless of the RDBMS you are using it with. I personally use Doctrine DBAL for projects, if I just need raw sql. It provides a nice wrapper around PDO. Since you haven't coded anything in a long time, and are having to try and upgrade code that was written in an antiquated and un-modular fashion, it's understandable that you are frustrated, but if you plan to stay in PHP for a while, there are many things that have improved in the PHP world in the last 10 years that have nothing to do with PDO. Learning about and adopting some of these things which include use of git, wide adoption of dependency injection, community standards, namespaces, component libraries, and use of the composer project dependency management tool, have raised the bar. PDO is such a small and minimal set of functions/methods and practices, it's honestly not hard to learn what you need in short order, but doesn't scratch the surface of the more important improvements that have come along with the changes to the PHP language and runtimes. Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606418 Share on other sites More sharing options...
Paul-D Posted March 20, 2023 Author Share Posted March 20, 2023 My server is still PHP4.5 as such I am using md5(). I know this should be changed. Md5() is still supported in PHP7 so I can address the issue then. I need to do 2 things return a set of records from a table preferably using prepare and execute. I need to return a record from an admin table to check at log in. I need the entire row including access levels and last time logged in. I am interested in this bindParam(1, $Name); as I think this could be useful. What I have using prepare and execute needs help with. So any corrections to this would be very helpful. <? $pdo = connectDB(); $Name = "Bruce"; $sql= ("SELECT * FROM PDO WHERE Name_F = ?"); // $Name goes here $stmt = $pdo->prepare($sql); // $stmt->bindParam(1, $Name); $stmt->execute($Name); while ($row = $stmt->fetch()) { echo $row['Name_F'] . " - " . $row['Name_S'] . " - " . $row['DOB'] . "<br>"; } echo "Music count = " . $stmt->rowCount(); ?> Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606643 Share on other sites More sharing options...
Paul-D Posted March 20, 2023 Author Share Posted March 20, 2023 The error is Warning: PDOStatement::execute() expects parameter 1 to be array, string given in /vhost/vhost15/d/e/s/desmond-otoole.co.uk/www/music2/musicX.php on line 37 Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606644 Share on other sites More sharing options...
Barand Posted March 20, 2023 Share Posted March 20, 2023 This is exactly the same code and problm that you posted on Saturday morning and which was answered by @ginerjm telling precisely wht was wrong nd giving you the correct code... Stop repeating questions and ignoring replies. 1 Link to comment https://forums.phpfreaks.com/topic/315970-php-version-5445/page/4/#findComment-1606645 Share on other sites More sharing options...
Recommended Posts