PHP - SELECT query using PDO without injection

Asked Apr 23 '16 at 07:58

Active Apr 23 '16 at 08:01

Viewed 24 times

I have some variables that I want to check if any of them are exist in the database or not. Also I want to prevent injection. This is my code:

if(!empty($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $result = $db->query('SELECT * FROM users WHERE username=:username AND password=:password');
    if($result->rowCount($result)=='1') {
        echo 'Ok';
    } else echo 'Not Ok';
}

But I get this error:

Fatal error: Call to a member function rowCount() on a non-object in D:\xampp\htdocs\index.php on line 7

Please help me solve this problem.

Thanks.

By the way, I have the class $db and It is working well.

edited Apr 23 '16 at 08:01

asked Apr 23 '16 at 07:58

Majid Sadr

Where you use `bindParam()` in your code?? – Saty Apr 23 '16 at 07:59
This code can impossibly throw that error. Please show us the relevant code (like the actual line 7 of the `D:\xampp\htdocs\index.php` file. – Oldskool Apr 23 '16 at 08:01

PHP - SELECT query using PDO without injection

0 Answers0