Hey, I’m learning a new way of querying my databases because it’s meant to be better and more secure; this is building prepared statements that can be reused.
The problem is this is a different way of looking at it and I’m not used to it yet and still have some things that aren’t clear to me.
So my script tries to bind three params to a query to allow a user to log in to my site. I am using the same script as before; this used user name and password… This works just fine:
    $query = "SELECT *
              FROM user
              WHERE email = ? AND password = ?
              LIMIT 1";
    if($stmt = $this->conn->prepare($query))
    {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();
        if($stmt->fetch())
        {
            //$uid = $stmt->fetch(id);
            //$_SESSION['uid'] = $uid;
            $stmt->close();
            return true;
        }
    }
But when I check if the user is admin it doesn’t like it at all:
    $query = "SELECT *
              FROM user
              WHERE email = ? AND password = ? AND isAdmin = ?
              LIMIT 1";
    if($stmt = $this->conn->prepare($query))
    {
        $stmt->bind_param('ssi', $un, $pwd, $isAdmin);
        $stmt->execute();
        if($stmt->fetch())
        {
            //$uid = $stmt->fetch(id);
            //$_SESSION['uid'] = $uid;
            $stmt->close();
            return true;
        }
    }
Also I declare isAdmin as a global private var at the start of the class like so:
private $isAdmin = "1";
So yeah, I know that the user I am testing has a 1 for isActive on the database, but when it goes into this script it returns false.
Like I said, I’m new to this style of writing queries so any help would be amazing.
Thanks for the time.
Okay, so I think I’ve got it. I added the isActive var to the function that is using it instead of it being global; now it works fine.
Thanks for your help. Any other tips on the matter would be more than welcome!
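An added example, not the poster's code, of the scope issue in this thread: inside a method a bare `$isAdmin` is an undefined local rather than the class property, so NULL is bound and `isAdmin = NULL` matches no row. It assumes PDO with in-memory SQLite in place of the poster's mysqli connection, a constructed `user` table, and passwords stored with `password_hash()`; the `Auth` class and its method names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: PDO + in-memory SQLite stand in for the mysqli connection
// so this runs without a server. Class, methods and table layout are assumed.
class Auth
{
    private int $isAdmin = 1;   // property: reachable only as $this->isAdmin

    public function __construct(private PDO $conn) {}

    // Look the user up by email and admin flag, then verify the hash in PHP.
    private function check(string $un, string $pwd, ?int $flag): ?int
    {
        $stmt = $this->conn->prepare(
            'SELECT id, password FROM user WHERE email = ? AND isAdmin = ? LIMIT 1'
        );
        $stmt->execute([$un, $flag]);   // values are bound, never concatenated
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || !password_verify($pwd, $row['password'])) {
            return null;
        }
        return (int) $row['id'];        // the id the thread wanted for $_SESSION['uid']
    }

    public function adminLoginBroken(string $un, string $pwd): ?int
    {
        // Bare $isAdmin is an undefined local here, so NULL is bound
        // ("?? null" only silences the undefined-variable warning).
        return $this->check($un, $pwd, $isAdmin ?? null);
    }

    public function adminLogin(string $un, string $pwd): ?int
    {
        return $this->check($un, $pwd, $this->isAdmin);
    }
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, password TEXT, isAdmin INTEGER)');
$ins = $db->prepare('INSERT INTO user (email, password, isAdmin) VALUES (?, ?, ?)');
$ins->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT), 1]);

$auth = new Auth($db);
var_dump($auth->adminLoginBroken('admin@example.test', 'correct horse'));
var_dump($auth->adminLogin('admin@example.test', 'correct horse'));
var_dump($auth->adminLogin('admin@example.test', 'wrong password'));
```

With mysqli the equivalent binding is `$stmt->bind_param('si', $un, $this->isAdmin);`.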