PHP (mysqli) to find single value

Question

I know how to search using mysqli to find if there is at least one match. How do I go about retrieving another value from a found row. It must just require changing 1 or 2 things.

Imagine I have the following DB:

 ID     |     emailaddress     |    password
 1      |     dummy@email.com  |    DUMB1PASS
 2      |     second@email.com |    DUMB2Pass

I can use the following code to verify if the the email address "dummy@email.com" exists. How would I look up the password associated with that row (i.e. the row containing dummy@email.com).

$email = "dummy@email.com";
$servername = "correct"; $username = "correct"; $DBpass = "correct"; $dbname = "correct";
    $conn = new mysqli($servername, $username, $DBpass, $dbname);
    if ($conn->connect_error)
        {
            die("Connection failed: " . $conn->connect_error);
        } 

    $sql = "SELECT emailaddress FROM registration WHERE emailaddress = '$email'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0)
        {
            echo "we found a match";
        } 
    else
        {
            echo "we did not find a match";
        }

I imagine I can do something like:

$email = "dummy@email.com";
$servername = "correct"; $username = "correct"; $DBpass = "correct"; $dbname = "correct";
    $conn = new mysqli($servername, $username, $DBpass, $dbname);
    if ($conn->connect_error)
        {
            die("Connection failed: " . $conn->connect_error);
        } 

    $sql = "SELECT password FROM registration WHERE emailaddress = '$email'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0)
        {
            echo "the value is '$result'";
        } 
    else
        {
            echo "we did not find a match";
        }

However, it produces this error:

Catchable fatal error: Object of class mysqli_result could not be converted to string in MYPAGE on line XX.

I think that the cause of this is likely that $result is an array or something. However, I don't know enough about sql/php to know if that is the problem, or how to pull the result from it if it is the case.

I'd really appreciate any help.

if you're going to want to find a match against a user's password, then your system is completely unsafe to be used. Tell me I didn't understand the question. If this is to match up against user input password and a hashed password, then that's a different story. — Funk Forty Niner, Jun 22 '15 at 01:33
Just using this as an example. But I'm confused by your comment. If passwords are encrypted with md5, and everything is sanitized against injection, isn't this exactly how you would have to go about checking passwords for a login system? — COMisHARD, Jun 22 '15 at 01:35
I wouldn't go with MD5 but `password_hash()` or the compatibility pack. Reload my comment above, I've made an edit; pretty sure that's what you probably really meant to say. — Funk Forty Niner, Jun 22 '15 at 01:36
Have a look at this answer. http://stackoverflow.com/a/29778421/ it uses PDO with prepared statements and the hashing functions I mentioned above. You've a complete solution in there. It wouldn't take much to convert it to using `mysqli` with prepared statements neither. MD5 is no longer considered safe to be used to hash/save passwords with. — Funk Forty Niner, Jun 22 '15 at 01:39

score 0 · Accepted Answer · answered Jun 22 '15 at 01:32

0

You need to fetch the row first, try this:

if ($result->num_rows) {
  $row = $result->fetch_row();
  echo 'the value is: ', $row[0];
}

answered Jun 22 '15 at 01:32

Martin

6,632
4
25
28

PHP (mysqli) to find single value

1 Answers1