I have a PHP script that queries my database with PDO to verify whether some submitted values exist. If they exist, the database responds with the id of that row. I tested the query in MySQL and it works, but the value received is false. This code is only for personal use. Here is the code:

```php
<?php
include("../template/pdo.php");
$query = $pdo->prepare("SELECT id_utilisateur FROM utilisateur
      WHERE `mail` IN ( ':mail' )
        AND `mdp` IN ( ':mdp' )");
$query->bindParam(':mail', $_GET['identifiant'], PDO::PARAM_STR);
$query->bindParam(':mdp', $_GET['mdp'], PDO::PARAM_STR);
$success = $query->execute();

if($success)
{
  $result = $query->fetch();
  var_dump($result); //bool(false) actually
  if($result == false){
    $message = "Try again.";
  }
  else{
    $message = "Congratulation !";
  }
}
```

I tested everything I know:

  • The $_GET values are copied and pasted from my database table into my URL, and I have printed them

  • I pasted into phpMyAdmin the query from PDOStatement::debugDumpParams() with my $_GET values

  • pdo.php works and is used in other scripts

  • Nothing in my log files.

Can someone help me? Thanks!

Rick James
Lina M
  • ':mail' comma separated ids ?? – Danyal Sandeelo Jun 27 '18 at 13:28
  • Do not quote your placeholders. It will read it as a string instead of placing your value in it. – aynber Jun 27 '18 at 13:28
  • Possible duplicate of [When to use single quotes, double quotes, and back ticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-back-ticks-in-mysql) – aynber Jun 27 '18 at 13:30
  • I also question the use of `IN ( )` here. If these inputs are arrays or comma separated values, you can't bind them from a single placeholder. – Devon Bessemer Jun 27 '18 at 13:32
  • aynber you're my lord, it works. I knew that a tiny thing was guilty but didn't find it .. – Lina M Jun 27 '18 at 13:36

1 Answer

  • If you are testing against a single value use =, not IN.
  • If you have a list of values, several changes are needed.
  • The bind code will add quotes, you already have quotes. Remove your quotes.
Rick James
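
The points of the answer as a runnable sketch, added here and not code from the question or the answer: bare placeholders with `=` for a single value, and one placeholder per element when a list is really needed. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the asker's MySQL connection; the rows and the function names `findUser` and `findIdsByMail` are constructed for illustration.

```php
<?php
// Added example: constructed table and rows, in-memory SQLite instead of MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE utilisateur
            (id_utilisateur INTEGER PRIMARY KEY, mail TEXT, mdp TEXT)");
$pdo->exec("INSERT INTO utilisateur (mail, mdp) VALUES
            ('a@example.test', 'pw-a'),
            ('b@example.test', 'pw-b'),
            ('c@example.test', 'pw-c')");

// Single value: `=` and bare placeholders. The bound value is passed as data,
// so no quotes are written around :mail or :mdp in the SQL text.
// The mail/mdp comparison mirrors the query in the question.
function findUser(PDO $pdo, string $mail, string $mdp): ?int
{
    $stmt = $pdo->prepare(
        "SELECT id_utilisateur FROM utilisateur
          WHERE mail = :mail AND mdp = :mdp"
    );
    $stmt->execute([':mail' => $mail, ':mdp' => $mdp]);
    $id = $stmt->fetchColumn();           // false when no row matches
    return $id === false ? null : (int) $id;
}

// List of values: build one `?` per element, because a single placeholder
// always binds exactly one scalar value.
function findIdsByMail(PDO $pdo, array $mails): array
{
    if ($mails === []) {
        return [];                        // MySQL rejects an empty "IN ()"
    }
    $marks = implode(', ', array_fill(0, count($mails), '?'));
    $stmt = $pdo->prepare(
        "SELECT id_utilisateur FROM utilisateur
          WHERE mail IN ($marks) ORDER BY id_utilisateur"
    );
    $stmt->execute(array_values($mails)); // positional binding, in order
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

var_dump(findUser($pdo, 'b@example.test', 'pw-b'));   // matching row
var_dump(findUser($pdo, 'b@example.test', 'wrong'));  // no matching row
var_dump(findIdsByMail($pdo, ['a@example.test', 'c@example.test', 'nobody@example.test']));
```

Only the `?` marks are interpolated into the SQL string in `findIdsByMail`; the values themselves still travel through `execute()`.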