
Possible Duplicate:
How to prevent SQL injection?

I'm trying to figure out how to do a parameterized query via PDO doing a SELECT, and right now I've got this code:

function user_login($username, $password) {
    $conn = connection_getConnection();

    $stmt = $conn->prepare("SELECT `password` FROM `users` WHERE `username` = :username");
    $row = $stmt-> #WHAT DO I DO HERE?
    if (empty($row)) {

    }
}

So, I placed a comment on the line I'm kind of lost on. Please help me out from here.

Thanks!

Mike Perrenoud

1 Answer


The PHP Manual has some good examples.

For you:

function user_login($username, $password) {
    $conn = connection_getConnection();

    // The named placeholder keeps $username out of the SQL text entirely.
    $sql = "SELECT `password` FROM `users` WHERE `username` = :username";
    $stmt = $conn->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
    // execute() returns a bool, so the rows are fetched from the statement itself.
    $stmt->execute(array(':username' => $username));
    $rows = $stmt->fetchAll();
    if (empty($rows)) {

    }
}
cegfault
  • Does that return an array of rows? – Mike Perrenoud Dec 11 '12 at 02:27
  • @Michael Perrenoud You should really check the manual. – jeroen Dec 11 '12 at 02:29
  • @MichaelPerrenoud: no; just updated my answer. And like jeroen said, you **really** should check the manual – cegfault Dec 11 '12 at 02:30
  • @cegfault, I'll be honest, the manual is a lot of clutter for me personally, but apparently it's a good resource. I'll try to spend more time in the manual. It just seems like a ton of random user examples though. The information on the API seems limited. Am I misunderstanding how to use the manual? And please remember this, I'm coming from 12+ years of .NET development so the open-source community is very new to me. – Mike Perrenoud Dec 11 '12 at 02:32
  • @MichaelPerrenoud: yes, there are a lot of good user examples, but near the top there is a section called "Examples" that are basic examples on the function. Do try to spend more time with it and familiarize yourself with it. – cegfault Dec 11 '12 at 02:34
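
A complete version of the login lookup discussed in this thread, as an added example that is not code from the question or the answer. It assumes an in-memory SQLite database in place of the real one, a stand-in body for `connection_getConnection()`, and that the `password` column holds a `password_hash()` value; the sample row and the test inputs are constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: in-memory SQLite stands in
// for the real database, and `password` stores a password_hash() value.

function connection_getConnection() {
    static $conn = null;
    if ($conn === null) {
        $conn = new PDO('sqlite::memory:');
        // Throw on SQL errors instead of failing silently.
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $conn->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
        // Constructed sample row.
        $seed = $conn->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
        $seed->execute(array(
            ':u' => 'alice',
            ':p' => password_hash('correct horse', PASSWORD_DEFAULT),
        ));
    }
    return $conn;
}

function user_login($username, $password) {
    $conn = connection_getConnection();

    $stmt = $conn->prepare('SELECT password FROM users WHERE username = :username');
    // execute() returns true/false; the rows are read from $stmt afterwards.
    $stmt->execute(array(':username' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches

    if ($row === false) {
        return false; // unknown user
    }
    // Compare against the stored hash rather than a plaintext value.
    return password_verify($password, $row['password']);
}

var_dump(user_login('alice', 'correct horse'));
var_dump(user_login('alice', 'wrong'));
// The quote and OR clause are compared as a literal username, not parsed as SQL.
var_dump(user_login("alice' OR '1'='1", 'correct horse'));
```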