Home/ Questions/Q 9196123
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T21:46:55+00:00

I’m writing a function to authenticate a user. I create a connection with a

  • 0

I’m writing a function to authenticate a user. I create a connection with a database, then prepare a query, bind the parameter, execute the query, bind the result to a variable,check if the query returned a result.

If it did I compare the result (bound to the variable), close the statement, close the connection, and then return the appropriate value. Well, that’s what I think I am doing, but I keep getting a syntax error and I can’t figure out what I am doing wrong:

Syntax error: expected: exit, if, identifier, variable, echo, do, while, for, foreach, declare, switch, break, continue, function, return, try, throw, use, global, unset, isset, empty, class, interface, array, {, }, include, include_once, eval, require, require_once, print, ‘;’, +, -, !, ~, ++, –, @, [, new, static, abstract, final, (, $

My code:

/**
     * Authenticates a user. 
     * @param type $email - String value
     * @param type $hashedPassword - String value
     * @return true if user is authenticated or false otherwise - Boolean value
     */
    function isValidUser($email, $hashedPassword)
    {
        //This variable will hold the value returned from the query to the database.
        var $rPassword = NULL;

        //Establish a connection
        $mysqli = new mysqli($GLOBALS['dbServer'], $GLOBALS['dbUserName'], $GLOBALS['dbPassword'], $GLOBALS['dbName']);

        //Check if connection failed
        if($mysqli->connect_error)
        {
            die('Connect Error (' . $mysqli->connect_errno . ') ' 
                    . $mysqli->connect_error);
        }

        $stmt = $mysqli->prepare("SELECT password FROM user_info WHERE email=?");
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->bind_result($rPassword);
        if($stmt->fetch())
        {
            if(($rPassword != null) && ($rPassword == $hashedPassword))
            {
                $stmt->close();
                $mysqli->close();
                return true;
            } 
        }           
        $stmt->close();
        $mysqli->close();
        return false;           
    }

I was doing this without using prepared statements and the code worked fine, but then I did some research and found out that prepared statements is the way to go because they help prevent SQL injections.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    var $rPassword = NULL;

    should be:

    $rPassword = NULL;

    var is for initializing properties in classes. See documentation. If you are using a class you need to initialize it outside of the method (function) and then access the property through $this->rPassword.

    • 0