-3

I am making a login form and I am quite confused with how to use bind parameters to select data.

My current code looks like this:

$stmt = $mysqli_conn->query('SELECT * FROM user WHERE email = ? AND password = ?');
    $stmt->bind_param('ss', $emailclean, $passwordclean);

    $stmt->execute();

    $result = $stmt->get_result();
    if ($row = $result->fetch_assoc()) {
        $finalmessager['success'] = 'You are logged in';
        $_SESSION['finalmessagelog']= $finalmessager;
        $_SESSION['authenticateduser']= $emailclean;
        header('location:../index.php');
        unset($_SESSION['logErrors']);
    }

I don't understand why this isn't working

Dharman
  • 30,962
  • 25
  • 85
  • 135
user5455438
  • 149
  • 1
  • 1
  • 8

1 Answers1

0

i let you a little example: 

<?php
$query = "SELECT * FROM user WHERE email = ? AND password = ?";
$stmt = $this->db->prepare($query);
$stmt ->bind_param("ss", $emailclean, $passwordclean); //both are strings
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($column1, $column2); //you have to assign every column

    while($stmt->fetch())
{
    if($column1 == 1){ //first column is id? just guessing
      echo "its the id 1 yeah!";
    }
    echo "col1: $column1, col2: $column2 \n";
}

$stmt->close();
Johan
  • 133
  • 7
  • How can I use an if statement using this? – user5455438 Oct 18 '15 at 15:21
  • inside the while loop you can use $column1 and $column2 as variables so you can use it in whatever you want – Johan Oct 18 '15 at 15:24
  • when you said "you have to assign every column", did you mean all the columns in my database or the columns required for the SELECT statement? – user5455438 Oct 18 '15 at 15:30
  • the columns you are selecting, if you use "SELECT id, name FROM user" per example you should assign $id and $name as this "$stmt->bind_result($id, $name);" the name of the variable doesn't really matters just the order, but is more organized in that way – Johan Oct 18 '15 at 15:37