PDO Statement: Where am I going wrong?

I have the following code. It takes an MD5 from a $post and is supposed to return the username, but it always says empty query.

Can anyone see where I am going wrong?


// Check Hash
$stmt = $db->prepare("SELECT * FROM `userpie_users` WHERE `hash` = :hash");
$stmt->bindParam(':hash', $hash,PDO::PARAM_STR);
$stmt->execute();

    if ($data = $stmt->fetch()) {
        do {
            echo $data['username'] . '<br>';
        } while ($data = $stmt->fetch());
    } else {
        echo 'Empty Query';
    }


<?php

// Check Hash
$stmt = $db->prepare("SELECT * FROM `userpie_users` WHERE `hash` = :hash");
$stmt->bindParam(':hash', $hash,PDO::PARAM_STR);
$stmt->execute();

$users = $stmt->fetchAll(PDO::FETCH_ASSOC);

if (count($users) < 1 )) {
    echo 'No users were found';
} elseif (count($users) === 1 )) {
    // fetchAll() returns an array of rows, so read the single match from index 0
    echo $users[0]['username'] . '<br>';
} else {
    echo 'Something went wrong, please contact an Administrator!';
}

?>

I’m guessing that this is part of a login script.

  1. If you’re only using the username from the query then only select that in the SELECT clause of the query, otherwise you waste resources.
  2. Don’t use md5 for password hashes, the md5 method has been rainbow tabled to death. You should be using sha256 at the minimum.
  3. With any query if you’re having trouble with it, you should always try it direct against the database to check if a problem is down to a dodgy query.

With regard to point number two (From post: http://www.sitepoint.com/forums/showthread.php?1171086-What-s-Your-Prefered-Hashing-Method&p=5572875&viewfull=1#post5572875)

Your best bet is to use the password hashing functions (new to PHP 5.5). This way, you won’t have to specify an algorithm, a cost, or even a salt. It does it all for you, and it does it right. If you need to support versions of PHP earlier than 5.5, then you can use this forward compatibility library: https://github.com/ircmaxell/password_compat
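
An added example, not part of the original thread: how a login check changes once passwords are stored with the password hashing functions recommended above. Because each stored hash carries its own random salt, a `WHERE hash = :hash` lookup can no longer match, so the row is fetched by username and compared with password_verify(). The `users` table, the register() and login() helpers and the sample account are hypothetical; the code assumes PHP 7 or later with the pdo_sqlite extension.

```php
<?php
// Added example: constructed schema and data, using in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Hypothetical helper: store a new account.
function register(PDO $db, string $username, string $password): void
{
    // password_hash() chooses the algorithm and cost and generates a random salt.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Hypothetical helper: check a username and password pair.
function login(PDO $db, string $username, string $password): bool
{
    // Hashing the same password twice gives two different strings, so the
    // lookup is by username and password_verify() does the comparison.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();   // false when no row matches

    if ($stored === false || !password_verify($password, $stored)) {
        return false;
    }

    // Re-hash on successful login if the default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = :h WHERE username = :u');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':u' => $username]);
    }
    return true;
}

register($db, 'alice', 'correct horse battery staple');   // constructed sample account

var_dump(login($db, 'alice', 'correct horse battery staple'));   // right password
var_dump(login($db, 'alice', 'wrong password'));                 // wrong password
var_dump(login($db, 'nobody', 'anything'));                      // unknown user
```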

Many thanks.

It's to form part of an API; the username and password I don't wish to have the users use.
I had been trying all sorts to get it working and it just kept failing.

I'll try this shortly and report back.

Many thanks!!!

I had to remove two of the ) as PHP was complaining about syntax issues.

The MySQL query that returns what I want is:


SELECT * 
FROM  `userpie_users` 
WHERE  `hash` =  '9aba4cf9c622c789460e52f11901af74'
LIMIT 0 , 30

But when posting this to the script, i.e. the hash, it still shows there is none found.