Something wrong with mysqli statement prepare

Question

I have an error with my PHP code. This statement header("Location: /pluto_project/index.php?error=nouser"); in my else statement always get executed.

I'm just a newbie in PHP and I don't have a vast knowledge about everything. Please help me. Thanks a lot.

<?php
    
if(isset($_POST['submit']))
{
    require 'database_handler.inc.php';

    $user_name = $_POST['name'];
    $password = $_POST['password'];

    if(empty($user_name) || empty($password) ) {
        header("Location: /pluto_project/index.php?error=emptyFields&username=".$user_name);
        exit();
    }
    else{
        $sql = "SELECT * FROM users WHERE username=?";
        $statement = mysqli_stmt_init($connection);

        if(!mysqli_stmt_prepare($statement, $sql)){
            header("Location: /pluto_project/index.php?error=sqlError");
            exit();
        }
        else{
            mysqli_stmt_bind_param($statement, "s", $username);
            mysqli_stmt_execute($statement);

            $result = mysqli_stmt_get_result($statement);

            if($row = mysqli_fetch_assoc($result) ){
                $password_check = password_verify($password, $row['upassword']);
                
                if(!$password_check){
                    header("Location: /pluto_project/index.php?error=wrongpassword");
                    exit();
                }
                else if($password_check){
                    session_start();
                    $_SESSION['userID'] = $row['id_user'];
                    $_SESSION['userName'] = $row['username'];
                    
                    header("Location: /pluto_project/index.php?login=success");
                    exit();
                        
                }
                else{
                    header("Location: /pluto_project/index.php?error=sqlError");
                    exit();
                }
            }
            else{
                header("Location: /pluto_project/index.php?error=nouser");
                exit();
            }
        }
    }
}
else{
    header("Location: /pluto_project/index.php");
    exit();
}

I believe it's because `$row = mysqli_fetch_assoc($result)` always return something that PHP evaluated to false. I recommend you move the `$row = mysqli_fetch_assoc($result)` outside of the if statement condition and use `var_dump()` to see its content. Something like `$row = mysqli_fetch_assoc($result); var_dump($row); /* Your if statement */` — theminer3746, Jul 15 '20 at 09:46
Thanks, @theminer3746 but I've already solved the error (thanks for @Amacado) but right now I have a new one lol. — Steven Charles, Jul 15 '20 at 09:54
Your code is very if/else nested at too many levels. It is only increasing indenting with no reason and make the code unreadable. There is no reason to add else when if block does return, break, continue, exit, throw. — armagedescu, Jul 15 '20 at 09:58
You need to stop manually checking for errors. Please read: [Should we ever check for mysqli_connect() errors manually?](https://stackoverflow.com/q/58808332/1839439) and [Should I manually check for errors when calling “mysqli_stmt_prepare”?](https://stackoverflow.com/q/62216426/1839439) — Dharman, Jul 15 '20 at 10:19

score 0 · Accepted Answer · answered Jul 15 '20 at 09:30

0

You are using an undefined variable in your sql statement. In your binding you refer to $username but in your variable definition you define $user_name.

// wrong code
$user_name = $_POST['name'];
mysqli_stmt_bind_param($statement, "s", $username);

// fixed code
$user_name = $_POST['name'];
mysqli_stmt_bind_param($statement, "s", $user_name);

Try changing the statement/variable to match your declaration.

answered Jul 15 '20 at 09:30

Amacado

630
5
20

Oops sorry. But I still get an error about the wrong password, but I'm really sure I typed the correct password – Steven Charles Jul 15 '20 at 09:37

Something wrong with mysqli statement prepare

1 Answers1