I have a login database with user and password and an HTML file with input type for username and password.

In my class for the login:

```php
class login
{
    // Property names match the ones assigned in the constructor ($this->username / $this->password).
    protected $username;
    protected $password;

    public function __construct($username, $password) //$username and $password values will be from the $_POST['username and password'] when the user submits the username and password
    {
        $this->username = $username;
        $this->password = md5($password);
    }

    public function login()
    {
        try {
            $pdo = dbConnect::getConnection();
            $smt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
            $smt->bindParam(1, $this->username);
            $smt->execute();
            echo "<pre>";
            print_r($smt->fetch(PDO::FETCH_OBJ));  //testing if $smt will return results..yes it returned
            if($smt->fetch()) {
                print_r($smt->fetch(PDO::FETCH_OBJ)); //doesn't return ??this is my question... all other arguments inside this if loop is not executed..
                while($row = $smt->fetch(PDO::FETCH_OBJ)) {
                    echo "one";
                    if($row->password == $this->password) {

                        header("Location: admin.php");
                    }
                    else {
                        echo '<div class="alert alert-error alert-block"><button type="button" class="close" data-dismiss="alert">&times;</button><h4>Error!</h4>username and password do not match!</div>';
                    }
                }
            }
            else {
                echo '<div class="alert alert-error alert-block"><button type="button" class="close" data-dismiss="alert">&times;</button><h4>Error!</h4>Username does not exist!</div>';
            }
        }
        catch (PDOException $e) {
            die($e->getMessage());
        }
    }
}
```

The problem is that in PDO, it will not return the data that I've been requesting after the `if($smt->fetch())`, which is used to know if the query returned a result. Before the fetch, the print_r returns data. I can't continue my code because of this. I'm new to OOP and PDO; that's why I can't handle this, unlike with the mysql or mysqli functions. I'm new to PDO, and I'm using SQLite here.

Kay Singian
  • Unfortunately, this site is not about fixing your code. – Your Common Sense Dec 13 '13 at 17:14
  • Please, for the sake of your users, do not use MD5 unsalted for password hashing. It is entirely insecure. Search here for secure password hashing in PHP for preferred alternatives. [This is a great place to start](http://stackoverflow.com/a/17073604/541091) – Michael Berkowski Dec 13 '13 at 17:17
  • Michael beat me to it, but I'll say it anyway. `md5($password)` is not a good method to use. It's "too fast" and no longer a safe method to use for passwords. – Funk Forty Niner Dec 13 '13 at 17:18

1 Answer

You're fetching multiple times:

```php
print_r($smt->fetch(PDO::FETCH_OBJ));  //testing if $smt will return results..yes it returned
if($smt->fetch()) {
    print_r($smt->fetch(PDO::FETCH_OBJ)); //doesn't return ??this is my question... all other arguments inside this if loop is not executed..
    while($row = $smt->fetch(PDO::FETCH_OBJ)) {
```

Each of these lines will try to fetch the next row from the returned data. But your query looks like it only returns one row. This row will be printed by the first print_r(). Then when you fetch again in if(), there won't be anything left, so it will return false and the if will fail.

You can use $smt->fetchAll() to return all the results in an array. You can then test whether this array has any elements, and loop through it to print the results.

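```php
// Read the whole result set once; further fetch() calls would return false.
$results = $smt->fetchAll(PDO::FETCH_OBJ);
if (count($results)) {
    foreach ($results as $row) {
        print_r($row); // debugging only: remove it, since output sent before header() prevents the redirect
        // Strict comparison: with ==, two hex digests that look like numbers ("0e...") compare as equal.
        if($row->password === $this->password) {

            header("Location: admin.php");
            exit; // stop here so nothing else runs after the redirect
        }
        else {
            echo '<div class="alert alert-error alert-block"><button type="button" class="close" data-dismiss="alert">&times;</button><h4>Error!</h4>username and password do not match!</div>';
        }
    }
}
else {
    echo '<div class="alert alert-error alert-block"><button type="button" class="close" data-dismiss="alert">&times;</button><h4>Error!</h4>Username does not exist!</div>';
}
```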

Although I don't understand why you're using a loop when you can be pretty sure the query will never return more than 1 row. I see this all the time, I don't understand it, unless programmers are simply copying code from other queries that return multiple rows, and they don't understand that the loop is unnecessary.

Barmar
  • I'm just using md5 for testing purposes; anyway, thanks for the tip, much appreciated. On the other hand, does it make a difference if I use fetch() instead of fetchAll()? I thought it was like in mysql: if I use $smt->fetch(), it will be like if the fetch will have data returned. In that way, I will know if any username exists in the database. After that I will try to compare the password, using the while($row = $smt) line. I'm pretty confused, hehe. – Kay Singian Dec 13 '13 at 17:24
  • It's just like mysql, each call to `mysql_fetch_array()` returns the next row of the results, and when you run out of results it returns `false`. – Barmar Dec 13 '13 at 17:25
  • I never said anything about md5. – Barmar Dec 13 '13 at 17:25
  • Sorry about the md5 thing. I was answering other users that are commenting on this post, @Barmar. Thanks for the info, I will try your suggestions. One thing: those print_r's are used only so that I can see where my code is not giving results. They are not needed in my code; however, I'm just new to PDO, so I need to know the logic. One more question: does the count function work in SQLite? Also, if I use that function, do I need to add a Select Count(*) in my SQL statement? – Kay Singian Dec 13 '13 at 17:32
  • I would be very surprised to find any flavor of SQL that doesn't support `COUNT(*)`, it's a very basic SQL feature. There's no relationship between that and the PHP `count()` function, which operates on PHP arrays, not SQL. – Barmar Dec 13 '13 at 17:34
  • If you want to use `print_r()` for debugging, assign the result of a call to a variable, and then print the variable. The way you're doing it, you're calling the function an extra time. Since each call to the function returns something different, that's not an appropriate way to do it. – Barmar Dec 13 '13 at 17:36
  • I'm using objects in my PDO fetch. Will it be okay if I use count if it is for arrays? Another question: in my OOP, is it okay if I declare the $username and $password in the __construct? I have experimented with not declaring them there. Instead, I just passed the variables to the login function and it gives no errors. I don't know if you need to use the __construct here or not. – Kay Singian Dec 13 '13 at 17:45
  • `fetchAll` returns an array of whatever type you request in `PDO::FETCH_xxx`, so you'll get an array of objects and you can use `count()` on that. I'm not very experienced at writing OOP PHP, but I think you declare properties in the `class` declaration, not in the constructor. – Barmar Dec 13 '13 at 17:47
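
The single-fetch pattern from the answer, combined with the password-hashing advice from the comments on the question, as an added example that is not part of the original posts. The in-memory SQLite table, the `password_hash` column, the sample credentials and the function names `findUser` and `verifyLogin` are constructed for illustration.

```php
<?php
// Added example: table layout, credentials and function names are constructed.

function findUser(PDO $pdo, string $username): ?object
{
    $stmt = $pdo->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    // fetch() advances the cursor on every call, so call it exactly once
    // and keep the result in a variable (also the safe way to debug it).
    $row = $stmt->fetch(PDO::FETCH_OBJ);
    return $row === false ? null : $row;
}

function verifyLogin(PDO $pdo, string $username, string $password): bool
{
    // Throwaway hash so an unknown username costs the same work as a known one.
    static $dummyHash = null;
    $dummyHash = $dummyHash ?? password_hash('placeholder', PASSWORD_DEFAULT);

    $user = findUser($pdo, $username);
    $hash = $user === null ? $dummyHash : $user->password_hash;

    // password_verify() reads the salt and cost from the stored hash and
    // compares in constant time; no md5() and no == on digests.
    $matches = password_verify($password, $hash);
    return $user !== null && $matches;
}

// Constructed sample database, kept in memory so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$name, $pass]) {
    // In a web page the success branch would call header('Location: ...')
    // followed by exit, with no output sent beforehand.
    $result = verifyLogin($pdo, $name, $pass) ? 'login ok' : 'login failed';
    echo $name, ' / ', $pass, ': ', $result, PHP_EOL;
}
```

Both failure cases produce the same result, so the response does not reveal whether a username exists.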