Hi I’m currently using php 5.3 in combination with mysql server 5.1.61.
I’m currently trying to do a loginscript, but I’m running into the problem
that I’m getting no result data and no error message.
The function that handles the login is the following:
public function doLogin($username,$pw)
{
$db=new incdb();
$row['name']=':username';
$row['value']=$username;
$row['type']=PDO::PARAM_STR;
$parameters[]=$row;
$row['name'] = ':password';
$row['value'] = $pw;
$row['type'] = PDO::PARAM_STR;
$parameters[] = $row;
$query=$db->execSql('SELECT * FROM tbUser WHERE '
.'username=:username AND password=MD5(:password)',$parameters);
unset($parameters);
unset($db);
$data=$query->fetch();
if (isset($data) && is_array($data))
{
$_SESSION['loggedIn']=$data['id'];
$_SESSION['loggedInData']=$data;
return 1;
}
else
{
echo 'error';
return 0;
}
}
The incdb class has the execSql function as follows:
public function execSql($sql, $parameters)
{
$query=$this->pdo->prepare($sql);
foreach ($parameters as $param)
{
$query->bindParam($param['name'], $param['value'], $param['type']);
}
$query->execute();
return $query;
}
Can someone tell me what I’m doing wrong here? (I’m relatively new to using php PDO….in the past I always used the mysql functions directly). Tnx
I think you cannot bind a parameter as a argument of a function.
Change your code like this:
And your querty like this:
Keep in mind that depending on the character set of the database the username comparison can be case sensitive!