
I'm working on a project for school where I need to authenticate users. The code below came from my book, but I can't seem to get it to work. I've checked the query after attempting to bind the values and the query never contains the actual email or password. Can someone tell me what is wrong with my code or what I am doing wrong? I've searched the internet and made sure my code is exactly the same as in my book. Also, I am using the correct credentials.

```php
function is_valid_admin_login($email, $password)
{
    global $db;

    $password = sha1($password);

    $query = 'SELECT adminID FROM administrators
              WHERE adminEmail = :email AND adminPassword = :password';

    $statement = $db->prepare($query);
    $statement->bindValue(':email', $email);
    $statement->bindValue(':password', $password);
    $statement->execute();

    $valid = ($statement->rowCount() == 1);

    $statement->closeCursor();

    return $valid;
}
```

When I echo the query after binding the values I always get:

```sql
SELECT adminID FROM administrators
WHERE adminEmail = :email AND adminPassword = :password
```

I would really appreciate the help as I am very new to PHP.

Phil
Jonathan
  • **Question:** Are you just typing `echo $query` after running the query? – Darren Jul 16 '14 at 02:52
  • Yes, after execute(). I'm assuming that's not correct? After thinking about that I guess it would always return the original query since I am binding the values to the statement. Right? – Jonathan Jul 16 '14 at 02:52
  • PDO binds internally, it's not going to change your `$query` variable's SQL. If it did, it would totally void the point of parameterised queries! – scrowler Jul 16 '14 at 02:55
  • possible duplicate of [Retrieve (or simulate) full query from PDO prepared statement](http://stackoverflow.com/questions/3754530/retrieve-or-simulate-full-query-from-pdo-prepared-statement) – quickshiftin Jul 16 '14 at 02:55
  • @Jonathan - You'd assume right. You should read [**this**](http://stackoverflow.com/a/210693/2518525) and [**this**](http://php.net/manual/en/pdostatement.debugdumpparams.php) – Darren Jul 16 '14 at 02:55
  • @Jonathan Perfectly alright. I think the second one is more your taste if you really need to generate that end query :-) – Darren Jul 16 '14 at 03:03
  • @Darren, Well I used `$statement->debugDumpParams();` and the values aren't binding. Do you see anything wrong with my code? – Jonathan Jul 16 '14 at 03:07
  • @Jonathan It will show the query and the relative binds after running the query ([**as in the manual**](http://php.net/manual/en/pdostatement.debugdumpparams.php)). **Edit:** [Check this bug](https://bugs.php.net/bug.php?id=52384) which states if php version is around 5.2/5.3 it doesn't emit the bound values. – Darren Jul 16 '14 at 03:09
  • @Darren, After reading this question: http://stackoverflow.com/questions/883365/row-count-with-pdo I think the problem is with rowCount() and not with binding the values. I'll have to test this tomorrow. Thank you for your help! – Jonathan Jul 16 '14 at 03:35

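
The points raised in the comments (the SQL string is never rewritten by binding, and `rowCount()` is not a dependable test for a `SELECT`) in one runnable script. This is an added example, not the asker's code or the book's. It assumes an in-memory SQLite database through `pdo_sqlite` and a constructed administrator row, passes `$db` as a parameter instead of using `global`, and swaps `password_hash()`/`password_verify()` in for the `sha1()` comparison.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for the real
// database; the administrator row below is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE administrators (
               adminID       INTEGER PRIMARY KEY,
               adminEmail    TEXT UNIQUE,
               adminPassword TEXT)');

// password_hash() salts every hash, so the stored value cannot be matched
// in the WHERE clause the way the sha1() digest in the question was.
$insert = $db->prepare('INSERT INTO administrators (adminEmail, adminPassword)
                        VALUES (:email, :hash)');
$insert->bindValue(':email', 'admin@example.com');
$insert->bindValue(':hash', password_hash('correct horse', PASSWORD_DEFAULT));
$insert->execute();

function is_valid_admin_login(PDO $db, string $email, string $password): bool
{
    $query = 'SELECT adminPassword FROM administrators
              WHERE adminEmail = :email';

    $statement = $db->prepare($query);
    $statement->bindValue(':email', $email);
    $statement->execute();

    // $query is still the template with :email in it. The bound value is
    // handed to the driver separately and is never spliced into the string.
    // debugDumpParams() prints the statement's SQL and parameter list.
    $statement->debugDumpParams();

    // Decide from the fetched row. rowCount() after a SELECT is
    // driver-dependent, so it is not used here.
    $hash = $statement->fetchColumn();
    $statement->closeCursor();

    return $hash !== false && password_verify($password, $hash);
}

var_dump(is_valid_admin_login($db, 'admin@example.com', 'correct horse'));
var_dump(is_valid_admin_login($db, 'admin@example.com', 'wrong password'));
// Quote characters in a bound value are compared as literal data.
var_dump(is_valid_admin_login($db, "' OR '1'='1", 'anything'));
```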