php to MySQL using PDO with bcrypt

Question

I have been using PHP 5.0 with MySQL 4.x with MD5 security. Due to circumstance, i have to use PHP 5.3 with bcrypt and PDO for MySQL.

Attached is the sample code that i used from here and adopted. It that does not contain any syntax errors during runtime but it doesn't work. The var_dump in the 'while' statement doesn't give out any output.

$email = strtolower($_POST['email']);
$pw = $_POST['pw'];

$chk_email= $dbh->prepare("SELECT pw FROM users WHERE email = $email");
$chk_email -> execute(array($email));

while($row = $chk_email->fetch(PDO::FETCH_ASSOC)){
    $chk_pass = $row['pw']; 
    $pass_isGood = $bcrypt->verify($_POST['pw'], $chk_pass);
    var_dump($pass_isGood); 

}

Since i'm totally new in bcrypt and PDO, i'm sure its just syntax issue. Any pointers is much appreciated. Thanx in advance.

Sorry, but by saying "MD5 securit" you indicate you got no idea what "MD5" is and what "security" means. — Marcin Orlowski, Jul 09 '14 at 19:05

score 1 · Answer 1 · answered Jul 09 '14 at 18:49

1

Change your prepare statement to:

$chk_email = $dbh->prepare("SELECT pw FROM users WHERE email = ?");

answered Jul 09 '14 at 18:49

hjpotter92

78,589
36
144
183

still not getting anything... – Joe Shamuraq Jul 09 '14 at 18:59

meda · Accepted Answer · 2014-07-18T22:28:21.947

1

$chk_email= $dbh->prepare("SELECT pw FROM users WHERE email = ?");
$chk_email -> execute(array($email));
$row = $chk_email->fetch(PDO::FETCH_ASSOC));

$pass_isGood = $bcrypt->verify($_POST['pw'], $row['pw']);
if(!$pass_isGood){
    echo "Incorrect password";
}else{
    echo "Good password";
}

edited Jul 18 '14 at 22:28

answered Jul 09 '14 at 19:54

meda

45,103
14
92
122

php to MySQL using PDO with bcrypt

2 Answers2