-2

I've been searching for this for quite some time but with no luck. I want to check if a given username and password are correct then echo something, but it's not working. After this I want to run another query.

    <?php
    require "conn.php";
    $status=1;
    $user_name = $_POST["user"];
    $user_pass = $_POST["pass"];

    $sql = "select * from tbl_client where username = :user and password = :pass";
    $sth = $dbL->prepare($sql);
    $sth->execute(array(':user => $user_name' , ':pass => $user_pass' ));
    //$sth->execute(':user' => $user_name, ':pass' => $user_pass);

    $row = $sth->fetch(PDO::FETCH_NUM);
    if ($row) {
        echo 'login success , Hello';
    } else {
        echo 'login failed';
    }

    $sql = 'insert into login_status (username, status) values (:user, :status)';
    $sth = $dbL->prepare($sql);
    $sth->execute(array(':user => $username' , ':status => $status' ));
    ?>
Bono
Hemant Vyas
  • 3
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jul 25 '16 at 15:31
  • ok thanks for suggesting – Hemant Vyas Jul 25 '16 at 16:04

1 Answer

1
    $sth->execute(array(':user => $username' , ':pass => $user_pass' ));

That is completely wrong! Your array contains 2 strings where it should contain 2 key-value pairs (key = parameter in SQL query, value = what you want to pass to the database driver)

Try this

    $sth->execute(array(':user' => $username , ':pass' => $user_pass ));
Honk der Hase
  • Why should the OP "try this"? Why is it "completely wrong"? A ***good answer*** will always have an explanation of what was done and why it was done in such a manner, not only for the OP but for future visitors to SO. – Jay Blanchard Jul 25 '16 at 15:33
  • 3
    Mostly correct! The only two suggestions I'd make are that this also affects the last line in the snippet (`$sth->execute(array(':user' => $user_name, ':status' => $status));`), and the variable is actually `$user_name` instead of `$username`. – Chris Forrence Jul 25 '16 at 15:37
  • @ChrisForrence still no luck bro, it is not working, it echoes "login failed" even with correct user and pass. – Hemant Vyas Jul 25 '16 at 16:09
  • Start debugging. Call `$dbL->errorInfo()` – Honk der Hase Jul 25 '16 at 17:16
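
The points raised in the answer and comments (key-value parameter arrays, the `$user_name` variable, hashed passwords, surfacing driver errors) combined into one script, as an added example that is not code from the original posts. Assumptions: an in-memory SQLite database stands in for `conn.php`, the account `alice` and the function name `check_login` are hypothetical, and writing status 0 for a failed attempt is a choice made here (the question always writes 1).

```php
<?php
// Added example: constructed schema and data; in-memory SQLite replaces conn.php.
$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently, so a bad query is visible at once.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_client (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$db->exec('CREATE TABLE login_status (username TEXT, status INTEGER)');

// Constructed test account; only the hash is stored, never the plain password.
$ins = $db->prepare('INSERT INTO tbl_client (username, password) VALUES (:user, :pass)');
$ins->execute([':user' => 'alice', ':pass' => password_hash('correct horse', PASSWORD_DEFAULT)]);

function check_login(PDO $db, string $user, string $pass): bool
{
    // Look the row up by username only; a salted hash cannot be matched in SQL.
    $sth = $db->prepare('SELECT password FROM tbl_client WHERE username = :user');
    $sth->execute([':user' => $user]);   // key => value pair, not a single string
    $hash = $sth->fetchColumn();         // false when no row matched

    // password_verify() re-derives the hash with the stored salt and compares.
    $ok = is_string($hash) && password_verify($pass, $hash);

    // Second query from the question: record the attempt (0 on failure is an assumption).
    $log = $db->prepare('INSERT INTO login_status (username, status) VALUES (:user, :status)');
    $log->execute([':user' => $user, ':status' => $ok ? 1 : 0]);

    return $ok;
}

// In the real script these values would come from $_POST["user"] and $_POST["pass"].
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong password'));
var_dump(check_login($db, 'nobody', 'anything'));

// Show what the second query wrote for each attempt.
print_r($db->query('SELECT username, status FROM login_status')->fetchAll(PDO::FETCH_ASSOC));
```

With the string-literal array from the question, `execute()` receives two positional values for statements that declare named placeholders, so the bind fails; with `PDO::ERRMODE_EXCEPTION` set that failure raises an exception instead of quietly producing "login failed".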