I've been converting my code to PDO standards but for some reason I'm having trouble returning row count. I believe it's not storing the variables correctly but I'm quite sure.

```php
// Define $email and $hash
$email=$_POST['email'];
$hash=$_POST['hash'];
// To protect MySQL injection for Security purpose
$email = stripslashes($email);
$hash = stripslashes($hash);
$email = mysql_real_escape_string($email);
// Hash the submitted value; '$hash' in single quotes would hash the literal text
$hash = hash('SHA256', $hash);

$dbConnect = 'mysql:dbname=test;host=localhost';
$username = "test";
$password = "test";

try{
    $dbConnect = new PDO($dbConnect, $username, $password);
} catch (PDOException $error) {
    echo 'Error Connecting: ' . $error->getMessage();
}

$query = $dbConnect->prepare("SELECT * FROM user WHERE 'hash'=:hash AND 'email'=:email");
$query->bindValue(':hash', $hash);
$query->bindValue(':email', $email);
$query->execute();

$rows = $query->rowCount();
echo $rows;
if ($rows == 1) {
    session_start(); // Starting Session
    $_SESSION['login_user']=$email; // Initializing Session
    header('Location: home.php'); // Redirecting To Home Page
} else {
    $loginError = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
```
Tyharo
  • 1
    You have a quoting problem. The column names `hash, email` should be either unquoted (since they are not keywords) or quoted with backticks. Using single quotes causes MySQL to interpret them as string literals, which is not correct in that context. – Michael Berkowski Mar 01 '16 at 02:36
  • 1
    I notice also you have a `mysql_close()` left in there, which should be removed. I don't see the `$connection` variable in use elsewhere, so I assume it was just overlooked when you converted this code. Likewise, the `mysql_real_escape_string()` should be removed -- you cannot mix it with PDO, and it is not necessary to escape in that manner anyway since you're using `bindValue()`. – Michael Berkowski Mar 01 '16 at 02:37
  • Thanks for the quick response! I didn't realize there was different quoting, after switching from ' to ` it worked fine! Thanks again! – Tyharo Mar 01 '16 at 02:57

0 Answers
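
The quoting difference described in the comments above, as an added example that is not part of the original thread: the same prepared statement run once with single-quoted names and once with backticks, with values bound and no escaping function. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for the MySQL server so the script runs offline, `countMatches()` is a hypothetical helper, and the sample row is constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL database
// (assumption, requires pdo_sqlite) so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (email TEXT PRIMARY KEY, hash TEXT NOT NULL)');

// Constructed sample row; the apostrophe shows that bound values need no escaping.
$email = "o'brien@example.com";
$hash  = hash('sha256', 'constructed-sample-password');
$insert = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
$insert->execute([':email' => $email, ':hash' => $hash]);

// Hypothetical helper: count matches by fetching rows, because
// PDOStatement::rowCount() is not guaranteed for SELECT on every driver.
function countMatches(PDO $pdo, string $sql, string $email, string $hash): int
{
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':hash', $hash);
    $stmt->bindValue(':email', $email);
    $stmt->execute();
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// Single quotes: 'hash' and 'email' are string literals, so the WHERE clause
// compares the text "hash" with the bound digest and never matches.
$asLiterals = "SELECT * FROM user WHERE 'hash' = :hash AND 'email' = :email";

// Backticks (or no quotes): hash and email are column names.
$asColumns = "SELECT * FROM user WHERE `hash` = :hash AND `email` = :email";

printf("quoted as literals: %d row(s)\n", countMatches($pdo, $asLiterals, $email, $hash));
printf("quoted as columns:  %d row(s)\n", countMatches($pdo, $asColumns, $email, $hash));
```

Counting fetched rows instead of calling `rowCount()` keeps the check portable across PDO drivers.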