0

I was following an online tutorial lesson about login system with PHP. Everything works fine as far as lesson is concerned.

Now I added a new data column named "time" of type INT. And I want to update it with the time as soon as user has logged in. In the below code, I tried to update it. But it shows no error, but doesn't work(update the "time" variable), either. I don't know PHP very well, so I think I'm not doing it right. So help me with my code.

<?php
    session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'accounts';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
    // If there is an error with the connection, stop the script and display the error.
    die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}

// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
    // Could not get the data that should have been sent.
    die ('Please fill both the username and password field!');
}

// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
    // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
    $stmt->bind_param('s', $_POST['username']);
    $stmt->execute();
    // Store the result so we can check if the account exists in the database.
    $stmt->store_result();
}

if ($stmt->num_rows > 0) {
    $stmt->bind_result($id, $password);
    $stmt->fetch();
    // Account exists, now we verify the password.
    // Note: remember to use password_hash in your registration file to store the hashed passwords.
    if (password_verify($_POST['password'], $password)) {
        // Verification success! User has loggedin!
        // Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
        session_regenerate_id();
        $_SESSION['loggedin'] = TRUE;
        $_SESSION['name'] = $_POST['username'];
        $_SESSION['id'] = $id;

        // I want to update "time" in my table
        $now = time();
        $stmt = $con->prepare('UPDATE accounts SET time = ? WHERE id = ?');
        $stmt->bind_param('i', $now, $id);
        $stmt->execute();

        //echo 'Welcome ' . $_SESSION['name'] . '!';
        header('Location: home.php');
    } else {
        echo 'Incorrect password!';
    }
} else {
    echo 'Incorrect username!';
}
$stmt->close();
?>

my table

Dharman
  • 30,962
  • 25
  • 85
  • 135
dguy
  • 140
  • 9
  • fyi, there are [DATE, DATETIME, and TIMESTAMP](https://dev.mysql.com/doc/refman/8.0/en/datetime.html) types in MySQL (instead of INT) – brombeer Nov 07 '19 at 07:01
  • @kerbholz Yes I aware of them, but I need time in `INT`. – dguy Nov 07 '19 at 07:03
  • There should be two i as there are two bind parameters $stmt->bind_param('i', $now, $id); – Harshit Sethi Nov 07 '19 at 07:06
  • @Harshit Sethi Like this? $stmt->bind_param('i','i', $now, $id); Seems doesn't work. No error, no warring. – dguy Nov 07 '19 at 07:12
  • no just like this $stmt->bind_param('ii', $now, $id); – Harshit Sethi Nov 07 '19 at 07:14
  • If you are new (or old) to PHP you should be, at least, looking up these commands on php.net and reading up on them and getting some understanding of them. – TimBrownlaw Nov 07 '19 at 07:22
  • 1
    @TimBrownlaw i have a much better alternative. I am writing mysqli tutorials that are up to date and *complete* which makes them different from the manual pages dedicated each to its own function. Here is [how to connect](https://phpdelusions.net/mysqli/mysqli_connect) and [how to select](https://phpdelusions.net/mysqli_examples/select). – Your Common Sense Nov 07 '19 at 07:50
  • @YourCommonSense Nice. I'll have to give it a read a bit later on - bookmarked for now. – TimBrownlaw Nov 07 '19 at 08:12
  • @TimBrownlaw Thank you. Please drop a line if you find some error or have a question. I really want to make it as complete as possible. – Your Common Sense Nov 07 '19 at 08:15

1 Answers1

0

In your update code. $stmt->bind_param('i', $now, $id); you forgot to add another i.

It should be

$stmt->bind_param('ii', $now, $id);
Bluetree
  • 1,324
  • 2
  • 8
  • 25