0

Intro: I'm trying to make a SQL-injection-proof login on my website, so I'm using mysqli bind_param. I created the query following the instructions from the official manual on php.net; unfortunately, it doesn't work as expected.

Here is my query code:

//Assign post to variables
$var1 = $_POST["email"];
$var2 = $_POST["pwd"];

if(isset($_POST['submit'])){
//Query SQL
$sql = $mysqli->prepare("SELECT * FROM main WHERE email = ? AND pass = ?");
$sql->bind_param("ss", $var1, $var2);
$sql->execute();
$sql->bind_result($email, $pass, $license);
$sql->fetch();

echo $email;
echo $pass;
echo $license;                  
}

So, this piece of code should echo the three fields it fetched from my database but it doesn't return anything. My database connection is perfectly fine, because this query was working perfectly without any kind of bind_param.

Summing up, I want to know why it doesn't echo the 3 values I got from the SQL query (they show up as nonexistent).

Edit: My error was that I was doing "bind_result" instead of "get_result", which is much better if you are selecting everything (*).

1 Answer

-1

Edit: Sorry, I didn't notice you are using a mysqli connection.

You can use get_result instead of bind_result:

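// Prepare and run the parameterised query
$sql = $mysqli->prepare("SELECT * FROM main WHERE email = ? AND pass = ?");
$sql->bind_param("ss", $var1, $var2);
$sql->execute();
// get_result() returns a mysqli_result, so the column count does not have to be known
$rows    = $sql->get_result();
// fetch_assoc() returns null when no row matched
$row     = $rows->fetch_assoc();
$email   = $row['email'] ?? null;
$pass    = $row['pass'] ?? null;
$license = $row['license'] ?? null;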
mmta41
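
A fuller version of the get_result approach from the answer above, as an added example that is not part of the original posts: it names the columns instead of using SELECT *, makes mysqli throw on errors so a failed prepare or bind is not silent, and handles the no-row case. It assumes the `pass` column holds a password_hash() value (the thread does not say how passwords are stored); the connection settings and the find_user helper are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Table and column names (main, email,
// pass, license) come from the thread; everything else is an assumption.

// Throw exceptions on mysqli errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: look up a user by e-mail and verify the password.
 * Returns the row without the hash on success, null on any failure.
 */
function find_user(mysqli $mysqli, string $email, string $password): ?array
{
    // Explicit column list: the result shape stays fixed even if the table
    // gains columns later, which is what breaks bind_result() with SELECT *.
    $stmt = $mysqli->prepare('SELECT email, pass, license FROM main WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();

    // get_result() requires the mysqlnd driver.
    $row = $stmt->get_result()->fetch_assoc();   // null when no row matched
    $stmt->close();

    // Assumption: `pass` stores a password_hash() value, so the comparison
    // happens in PHP rather than in the WHERE clause.
    if (!$row || !password_verify($password, $row['pass'])) {
        return null;   // same outcome for unknown e-mail and wrong password
    }
    unset($row['pass']);   // do not hand the hash back to the caller
    return $row;
}

if (isset($_POST['submit'])) {
    $email = $_POST['email'] ?? null;
    $pwd   = $_POST['pwd'] ?? null;
    $user  = null;
    if (is_string($email) && is_string($pwd)) {
        // Placeholder connection settings.
        $mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
        $user = find_user($mysqli, $email, $pwd);
    }
    if ($user === null) {
        echo 'Login failed';
    } else {
        // Escape on output; values from the database are still untrusted in HTML.
        echo htmlspecialchars($user['email']), ' ', htmlspecialchars((string) $user['license']);
    }
}
```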