0

I have code select database and output false.

but the usname and pasword my entry is true on database. and i used wamp server 64b. apache:2.49, php: 5.5.1.2. i open extension on php.ini

extension=php_pdo_firebird.dll
extension=php_pdo_mysql.dll
extension=php_pdo_oci.dll
extension=php_pdo_odbc.dll
extension=php_pdo_pgsql.dll
extension=php_pdo_sqlite.dll


public static function getByNamePass( $username, $password ) {
        $conn = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
        $sql = "SELECT * FROM district_account WHERE username = :username AND password = :password";
        $st = $conn->prepare( $sql );
        $st->bindValue( ":username", $username, PDO::PARAM_STR);
        $st->bindValue( ":password", $password, PDO::PARAM_STR );
        $st->execute();
        $row = $st->fetch();
        $conn = null;   
        if ( $row ) return new District_Account( $row );
}
phuochq
  • 37
  • 8

1 Answers1

1

You should use bindParam()

$st->bindParam(":username", $username, PDO::PARAM_STR);
$st->bindParam(":password", $password, PDO::PARAM_STR );
iatboy
  • 1,295
  • 1
  • 12
  • 19
  • Dang, beat me to it. +1. – EternalHour Oct 06 '14 at 07:38
  • thank you, but i var_dump and output true. code var_dump($st->bindValue( ":password", $password, PDO::PARAM_STR )); output: boolean true – phuochq Oct 06 '14 at 07:39
  • $st->bindParam(":username", $username, PDO::PARAM_STR); $st->bindParam(":password", $password, PDO::PARAM_STR ); output -> false – phuochq Oct 06 '14 at 07:43
  • @phuochq I have just tried in my local environment, and bindParam output true. Maybe you should check your `$th` and `$conn`, check your connection – iatboy Oct 06 '14 at 07:52
  • @phuochq Try `$sql = "SELECT * FROM district_account`, and without bind to see whether you have the results – iatboy Oct 06 '14 at 07:56
  • Changing to bindParam in this case will make [no difference](http://stackoverflow.com/questions/1179874/pdo-bindparam-versus-bindvalue). – bcmcfc Oct 06 '14 at 07:58
  • output -> false code `$conn = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD ); $sql = "SELECT * FROM district_account "; $st = $conn->prepare( $sql ); // $st->bindParam( ":username", $username, PDO::PARAM_STR); // $st->bindParam( ":password", $password, PDO::PARAM_STR ); $st->execute(); var_dump($st->execute());` – phuochq Oct 06 '14 at 08:01
  • @phuochq It means that `execute()` returns false. Now you can `print_r($st->errorInfo());` after execute to see what is the error, maybe in the database – iatboy Oct 06 '14 at 08:05
  • ok. thanks #iatboy. i have to find bug out connect :). thank thank – phuochq Oct 06 '14 at 08:12
  • @phuochq No thanks, you mean error in the connection? – iatboy Oct 06 '14 at 08:14