I have been coding a login script in PHP using prepared statements however I can’t get it to work, can anyone point out why this isn’t working?
Whenever I log in all I get is the “Statement failed!”.
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$query = $dbconn -> prepare("SELECT * FROM members WHERE login=? AND passwd=?");
$query -> bind_param("ss", $login, $password);
if($query->execute() == true) {
$query -> bind_result($result);
$query -> fetch();
if($result){
$member = mysqli_fetch_assoc($result);
session_regenerate_id();
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$_SESSION['SESS_IS_ADMIN'] = $member['admin'];
session_write_close();
echo $_SESSION['SESS_MEMBER_ID'];
echo $_SESSION['SESS_FIRST_NAME'];
echo "Test!";
exit();
}else{
echo "Statement failed";
}
}
/* Close statement */
$query -> close();
In config.php there is the following:
$dbconn = new mysqli('localhost', 'root', 'password', 'bookingsystem');
And the database structure for the users looks like this:
`members` (`member_id`, `firstname`, `lastname`, `login`, `passwd`, `admin`) VALUES
(1, 'Steve', 'Stone', 'Admin', '5f4dcc3b5aa765d61d8327deb882cf99', 1);
From the manual on
bind_result:You are binding one variable but you are selecting 6 columns. You need to bind all 6 columns to a variable and then inside the condition, you do not have to fetch another row as you have already done that and the results from your fetch will be available in your variables.
You should also check for the return value of
fetch, not$resultor any of the other variables.