Login script - switch to prepared statement - PHP Server Side Scripting forum at WebmasterWorld

Hi, i try to figure it out, how to change normal mysql_query to prepared statement. My code is:


$user = strtolower($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$pwd = md5($pass);
$query = "SELECT user, confirmed, adm FROM usr WHERE user = '$var1' AND pass = '$var2'";
$result = mysql_query($query);

if (!$result || mysql_num_rows($result) < 1){
$feedback = 'wrong entry, try again';
return $feedback;
} else {
if (mysql_result($result, 0, 'is_confirmed') == '1') {
user_set_tokens($user);
return 1;
} else {
$feedback = 'This account is not validated';
return $feedback;}

Now, i try to make same thing but with prepared statement.


$db = new mysqli('localhost', 'username', 'password', 'database');
$stmt = $db->stmt_init();
if($stmt->prepare("SELECT `user`, `confirmed`, `adm` FROM `usr` WHERE `user` = ? AND pass = ?")) {
$stmt->bind_param('ss', $a, $b);
$a = "$var1";
$b = "$var2"; 
$stmt->execute();
$stmt->bind_result($c, $d, $e);
while($stmt->fetch()) {
$result = "$d";
}
$stmt->close();
}

Ok now i want to make exactly same thing as before:
I mean:


if (!$result || mysql_num_rows($result) < 1){
$feedback = 'wrong entry, try again';
return $feedback;
} else {
if (mysql_result($result, 0, 'is_confirmed') == '1') {
user_set_tokens($user);
return 1;
} else {
$feedback = 'This account is not validated';
return $feedback;}

But i don't know how .. When i try this with prepared statement, i got error messages.
Please assist .. Thanks

$result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1){ $feedback = 'wrong entry, try again'; return $feedback; } else { if (mysql_result($result, 0, 'is_confirmed') == '1') { user_set_tokens($user); return 1; } else { $feedback = 'This account is not validated'; return $feedback;}

$db = new mysqli('localhost', 'username', 'password', 'database');
$stmt = $db->stmt_init();
if($stmt->prepare("SELECT `user`, `confirmed`, `adm` FROM `usr` WHERE `user` = ? AND pass = MD5(?)")) {
$stmt->bind_param('ss', $form_user, $form_pass);
$stmt->execute();
$stmt->bind_result($user, $confirmed, $adm);
if($stmt->fetch()) {
if($confirmed == '1') {
user_set_tokens($user);
return 1;
} else {
return 'This account is not validated';
}
} else {
return 'wrong entry, try again';
}
$stmt->close();
$db->close();

Login script - switch to prepared statement

mysql query - how to?

bethesda

eelixduppy

bethesda

eelixduppy

bethesda

bethesda

eelixduppy

bethesda

bethesda

bethesda

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week