I am having trouble implementing the below prepared statement. I have used this same prepared statement code and made it work elsewhere so not sure where I am going wrong. I had the below script up and running without a prepared statement which used concatenation so I know there is no issue with my SQL or the initial email/password validation.
The database query only returns one row; I don't think this should affect my while array fetch?
Email address and password are set to strings in the prepared statement ('ss'), assuming no issues with that.
I used get_password_hash($p) in my initial query concatenation and it worked. Perhaps I should include it in the bind param like this:
    $loginQuery->bind_param('ss',$e,get_password_hash($p));
instead of below...
Any advice would be much appreciated.
    // Array for recording errors:
    $login_errors = array();
    // Validate the email address:
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $e = $_POST['email'];
    } else {
        $login_errors['login'] = 'Please enter a valid email address!';
    }
    // Validate the password:
    if (!empty($_POST['pass'])) {
        $p = $_POST['pass'];
    } else {
        $login_errors['pass'] = 'Please enter your password!';
    }
    if (empty($login_errors)) { // OK to proceed!
        // Query the database:
        /************NO ISSUES WITH ABOVE; THIS WORKED FINE BEFORE I TRIED CONVERTING TO PREPARED STATEMENTS************/
        $pas = get_password_hash($p);
        $loginQuery = $dbc->prepare("SELECT id, username, type, IF(date_expires >= NOW(), true, false) FROM user WHERE (email= ? AND pass= ?)");
        $loginQuery->bind_param('ss',$e,$pas);
        $loginQuery->execute();
        $loginQuery->bind_result($l);
        while(loginQuery->fetch()){
            $login = $l;
            $_SESSION['user_id'] = $login[0];
            $_SESSION['username'] = $login[1];
        }
    }
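
An added example, not part of the original post: the same four-column query run through mysqli with one `bind_result()` variable per selected column. The function name `fetch_login_row()` and the `$notExpired` / `not_expired` names are hypothetical; `$dbc` is assumed to be an open mysqli connection and `get_password_hash()` is the poster's own helper.

```php
<?php
// Added example; fetch_login_row() and $notExpired are hypothetical names.
// Assumes $dbc is an open mysqli connection and the `user` table from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors instead of failing silently

function fetch_login_row(mysqli $dbc, string $email, string $passHash): ?array
{
    $stmt = $dbc->prepare(
        'SELECT id, username, type, IF(date_expires >= NOW(), true, false)
           FROM user
          WHERE email = ? AND pass = ?'
    );

    // bind_param() takes its arguments by reference, so pass variables,
    // not the result of a function call.
    $stmt->bind_param('ss', $email, $passHash);
    $stmt->execute();

    // One bound variable per selected column: four columns, four variables.
    $stmt->bind_result($id, $username, $type, $notExpired);

    // fetch() returns true when a row was copied into the bound variables,
    // null when there are no more rows.
    $row = null;
    if ($stmt->fetch()) {
        $row = [
            'id'          => $id,
            'username'    => $username,
            'type'        => $type,
            'not_expired' => (bool) $notExpired,
        ];
    }
    $stmt->close();
    return $row;
}

// Usage, with $e and $p validated as in the question:
// $login = fetch_login_row($dbc, $e, get_password_hash($p));
// if ($login !== null) {
//     session_regenerate_id(true);   // issue a new session ID after login
//     $_SESSION['user_id']  = $login['id'];
//     $_SESSION['username'] = $login['username'];
// }
```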