PHP PDO execute/prepare doesn't seem to work

Question

<?php    
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ':login' AND user_pass=PASSWORD(':password')");
    $abc->bindParam(':login', $_POST['name']);
    $abc->bindParam(':password', $_POST['pw']);    
    $abc->execute(); 
    echo $abc->rowCount();
    // the example above doesn't work rowCount is always 0
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = '?' AND user_pass=PASSWORD('?')");
    $abc->execute([$_POST['name'], $_POST['pw']]);
    echo $abc->rowCount();
    // and again rowCount is always 0
    $abc = $objpdo->query("SELECT * FROM testdb.users WHERE user = '".$_POST['name']."' AND user_pass=PASSWORD('".$_POST['pw']."')");
    echo $abc->rowCount();
    // this thing here is working
?>

The prepared statements i have at my code doesn't seem to work, the strange thing is when i try running query() without preparing it but just directly passing the values to the string its working.

Note that i always try this code with existed users/passwords.

score 1 · Accepted Answer · answered May 25 '17 at 17:47

1

The placeholders don't need quotes around them or else the query will just treat them as strings, not placeholders.

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = :login AND user_pass=PASSWORD(:password)");

Same with the ordinal placeholders (question marks):

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ? AND user_pass=PASSWORD(?)");

answered May 25 '17 at 17:47

Jonathan Kuhn

15,279
3
32
43

I'm getting this error now: http://prntscr.com/fc1y0x – Dennis May 25 '17 at 18:00
@Dennis that is another issue and question altogether and should be researched/asked separately from this one. However, it would appear that the collation setting on your table doesn't match the data passed in. – Jonathan Kuhn May 25 '17 at 18:03
Hmm okay thank you – Dennis May 25 '17 at 18:31

PHP PDO execute/prepare doesn't seem to work

1 Answers1