SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Wizard
    Join Date
    Feb 2009
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    $stmt->execute() - what next ?

    Hello again, sorry for all those posts but I'm particularly slow this morning.

    I'm not sure how this may work.

    I need to fetch the data from a given query, then use that fetched data to put on session variables.

    I'm with something like this right now:
    PHP Code:
    $stmt $this->_dbh->prepare("
                                                SELECT id_utilizador, nivel_utilizador
                                                FROM utilizador
                                                WHERE nome_utilizador = ? AND password_utilizador = ? AND estado_utilizador = ?"
                                            
    );
                
    $stmt->bindParam(1,  $utilizadorVo->getNome(), PDO::PARAM_STR255);
                
    $stmt->bindParam(2,  $utilizadorVo->getPassword(), PDO::PARAM_STR255);
                
    $stmt->bindParam(3,  $utilizadorVo->getEstado(), PDO::PARAM_INT1);

                
    $stmt->execute(); 
    But this will:
    a) prepare the statement;
    b) bind parameters;
    c) execute;

    The execute, according to the documentation, executes the prepared statement, and returns either TRUE or FALSE on success.

    1)
    This TRUE or FALSE on success means:
    a) Return TRUE if the query is executed (even if no records were found) ?
    or
    b) Return TRUE if the query is executed and returns records ?

    2)
    What's the point of doing a select and then do nothing with the returned results? I believe that after this, we need to fetch the data somehow no?
    But on the PHP website the examples stop on that (I believe inconsequent) execute();

    What am I missing? (besides some sleep hours?)


    Márcio

  2. #2
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    fetch()
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  3. #3
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $stmt->fetchAll(); 
    Is this the one you are looking for?
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  4. #4
    SitePoint Wizard
    Join Date
    Feb 2009
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by oikram View Post
    2)
    (...)
    What am I missing?
    This at the end perhaps?
    PHP Code:
    $fetchedData $stmt->fetchAll(PDO::FETCH_OBJ); 

    Only the 1) prevails I believe.


    Thanks again,
    Márcio

  5. #5
    SitePoint Wizard
    Join Date
    Feb 2009
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes. Thank you.

    About the first question, I believe I can test it.

    But ok, what are the point then, of doing a select of some results, and then do nothing with them, like on the examples showed here:
    http://www.php.net/manual/en/pdostatement.execute.php

    ?

    Thanks again,
    Marcio

  6. #6
    SitePoint Wizard
    Join Date
    Feb 2009
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually, since we want only one record (for login proposes on this case), we don't need to fetchAll and return an array.

    I believe this will do better:
    PHP Code:
    $result $stmt->fetch(PDO::FETCH_OBJ); 
    So that when we want to retrieve the values fetched we can simply do:
    $result->my_database_column_name_that_I_want_to_retrieve;

    Instead of:
    $result[0]->my_database_column_name_that_I_want_to_retrieve;

    I mean, there's no point for searching an array key when we will always search the same key, right?

    Please correct if I'm wrong. If not, this stays for others and for future checks by myself.

  7. #7
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    Well, for a login process you might want to collect all the returned rows to see if there are more than one.

    Usually with login systems:
    0 records -> user does not exist or password is wrong
    1 record -> user is found, great!
    > 1 records -> something is wrong! There are more users than there should be with the same username

    Of course, with correct validation when inserting the users this should never happen

  8. #8
    SitePoint Wizard
    Join Date
    Feb 2009
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Immerse View Post
    Well, for a login process you might want to collect all the returned rows to see if there are more than one.

    Usually with login systems:
    0 records -> user does not exist or password is wrong
    1 record -> user is found, great!
    > 1 records -> something is wrong! There are more users than there should be with the same username
    Well... I'm not sure if I will need to differentiate between having no records, or having more then 1 record for the login. Both should not allow the user to login, and of course, that third option should never arrive in the first place, I believe.

    So I'm having something like this, that limits the records to 1, and is based on this query that I found useless to return an array.

    PHP Code:
    SELECT id_utilizadornivel_utilizador FROM utilizador WHERE nome_utilizador = ? AND password_utilizador = ? AND estado_utilizador 1 LIMIT 1 
    Immerse, do you found a reason for us to actually know if there is more then one user or, like me, do you believe that THAT problem should be deal earlier on the process?

    Thanks a lot,
    Márcio

  9. #9
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by oikram View Post
    Immerse, do you found a reason for us to actually know if there is more then one user or, like me, do you believe that THAT problem should be deal earlier on the process?
    The problem of multiple users should never arise, as uniqueness of the username should be checked when the user is created or an existing user is updated (and ideally it should be enforced by the database).

    Maybe my example wasn't such a good example

    I suppose that SQL injection attacks could lead to more than 0 or 1 results being returned, but you already have that covered as you're using PDO and prepared statements.

  10. #10
    SitePoint Wizard
    Join Date
    Feb 2009
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, if you agree, we can stick without fetching an array until a reason comes by.
    But once I feel the need to differentiate a "0 users" case with the "more then 1 user" case - I will surely recall it here.

    Thanks for your feedback.

    Márcio


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •