Can you show the configPDO.php file please, obvously replace passwords and sensitive stuff. It seems strange that when you call your “execute or die(print_r(…))” statement it’s calling print_r, which I interpret to mean that there’s a problem with the execute() function.
Yes, I was referring to where you are comparing the user type to 0 or 1 to determine which redirect to use.
$row['type'] == 0
You were missing the row KEY ‘type’.
sure, here is the configpdo.php-
<?php// mysql hostname
$hostname = 'localhost';
// mysql username
$username = 'root';
// mysql password
$password = '';
// Database Connection using PDO
try {
$dbh = new PDO("mysql:host=$hostname;dbname=signinpdo", $username, $password);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
//If we will not use catch statement, then in case of error zend engine terminate the script and display a back trace. This back trace will likely reveal the full database connection details, including the username and password.
?>
So what is not working for you and can you post your latest code? The version I made on post #19 works on tests I ran.
sure,
Heres the page the login for is submitted to
session_start();
$hostname = 'localhost';
$username = 'root';
$password = '';
// Database Connection using PDO
try {
$dbh = new PDO("mysql:host=$hostname;dbname=signinpdo", $username, $password);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
ini_set('display_errors',1);
error_reporting(E_ALL);
$Email=$_POST['email'];
$Password=$_POST['password'];
$sql = "SELECT `type` FROM `Members` WHERE `email` = :Email AND `password` = :Password";
$STM = $dbh->prepare($sql);
$STM->bindParam(':Email', $Email);
$STM->bindParam(':Password', $Password);
$STM->execute();
$count = $STM->rowCount();
$row = $STM -> fetch();
$STM->debugDumpParams();
echo "<br>".$sql."<br>";
echo $Email." ".$Password;
var_dump($count);
var_dump($row);
Heres the result
SQL: [78] SELECT type
FROM Members
WHERE email
= :Email AND password
= :PasswordParams: 2Key: Name: [6] :Emailparamno=-1name=[6] ":Email"is_param=1param_type=2Key: Name: [9] :Passwordparamno=-1name=[9] ":Password"is_param=1param_type=2
SELECT type
FROM Members
WHERE email
= :Email AND password
= :Password
*****@gmail.com testint 0
boolean [COLOR=#75507b]false
[/COLOR]Is it working for you?
Yes. I get
int(1) array(2) { ["type"]=> string(1) "1" [0]=> string(1) "1" }
So for my test query it is returning one record with the value of 1 for the type.
You do have that all wrapped in an IF statement that checks for POST so it’s not run before hand right?
…and I assume the table name and field names are as specified with regards to casing?
…and DB connection is good?
Not sure but should:
echo "<br>".$sql."<br>";
not be:
echo "<br>".$STM."<br>";
wouldn’t this give me an error if the connection doesn’t work
(its in my configPDO.php
try {$dbh = new PDO("mysql:host=$hostname;dbname=shoresrentals", $username, $password);
}catch(PDOException $e) { echo $e->getMessage(); }
Can you take a look at my screenshot and you can see my table, members has a user email of lurtnowski@gmail.com with a password of test
the second screenshot is the result of this
session_start();
include("db/configPDO.php");
ini_set('display_errors',1);
error_reporting(E_ALL);
$Email=$_POST['email'];
$Password=$_POST['password'];
$sql = "SELECT `type` FROM `members` WHERE `email` = :Email AND `password` = :Password";
$STM = $dbh->prepare($sql);
$STM->bindParam(':Email', $Email);
$STM->bindParam(':Password', $Password);
$STM->execute();
$count = $STM->rowCount();
$row = $STM -> fetch();
$STM->debugDumpParams();
echo "<br>".$sql."<br>";
echo $Email." ".$Password;
var_dump($count);
var_dump($row);
should I wrap the whole thing in
if(isset($_POST['submit']))
{
...
...
...
}
Does your server not support named place holders? How about with ? instead?
if(isset($_POST['submit']))
{
$Email=$_POST['email'];
$Password=$_POST['password'];
$sql = "SELECT `type` FROM `Members` WHERE `email` = ? AND `password` = ?";
$STM = $dbh->prepare($sql);
$STM->bindParam(1, $Email);
$STM->bindParam(2, $Password);
$STM->execute();
$count = $STM->rowCount();
$row = $STM -> fetch();
$STM->debugDumpParams();
echo "<br>".$sql."<br>";
echo $Email." ".$Password;
var_dump($count);
var_dump($row);
// Closing MySQL database connection
$dbh = null;
}
Note: images were not approved yet to view.
And if you run this one within try/catch, does it show any error?
if(isset($_POST['email'],$_POST['password']))
{
$Email=$_POST['email'];
$Password=$_POST['password'];
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
$sql = "SELECT type FROM Members WHERE email = :Email AND password = :Password";
$STM = $dbh->prepare($sql);
$STM->bindParam(':Email', $Email);
$STM->bindParam(':Password', $Password);
$STM->execute();
$count = $STM->rowCount();
$row = $STM -> fetch();
} catch (PDOException $e) {
//Only use line below during testing your query
echo "Database error: ".$e->getMessage();
die;
}
$STM->debugDumpParams();
echo "<br>".$sql."<br>";
echo $Email." ".$Password;
var_dump($count);
var_dump($row);
// Closing MySQL database connection
$dbh = null;
}
Still can’t see images. Are you sure the table name is Members and not members. Often table names need to be lowercase.
you cant see this image,
The table was changed to lowercase (I also changed it in the script, heres the result
Heres the result when I use the ? in place of the :things in the query
[FONT=Times New Roman][TABLE=“class: xdebug-error xe-warning”]
[TR]
[TH=“bgcolor: #f57900, colspan: 5, align: left”]COLOR=#FCE94F Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\wamp\www\shoresrentals\CheckLogin.php on line 17[/TH]
[/TR]
[TR]
[TH=“bgcolor: #e9b96e, colspan: 5, align: left”]Call Stack[/TH]
[/TR]
[TR]
[TH=“bgcolor: #eeeeec, align: center”]#[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Time[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Memory[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Function[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Location[/TH]
[/TR]
[TR]
[TD=“bgcolor: #eeeeec, align: center”]1[/TD]
[TD=“bgcolor: #eeeeec, align: center”]0.0000[/TD]
[TD=“bgcolor: #eeeeec, align: right”]249328[/TD]
[TD=“bgcolor: #eeeeec”]{main}( )[/TD]
[TD=“bgcolor: #eeeeec”]…\CheckLogin.php:0[/TD]
[/TR]
[TR]
[TD=“bgcolor: #eeeeec, align: center”]2[/TD]
[TD=“bgcolor: #eeeeec, align: center”]0.0040[/TD]
[TD=“bgcolor: #eeeeec, align: right”]261472[/TD]
[TD=“bgcolor: #eeeeec”]execute ( )[/TD]
[TD=“bgcolor: #eeeeec”]…\CheckLogin.php:17[/TD]
[/TR]
[/TABLE]
[/FONT][/COLOR]SQL: [65] SELECT type
FROM members
WHERE email
= ? AND password
= ? Params: 2 Key: Name: [6] :Email paramno=-1 name=[6] “:Email” is_param=1 param_type=2 Key: Name: [9] :Password paramno=-1 name=[9] “:Password” is_param=1 param_type=2
SELECT type
FROM members
WHERE email
= ? AND password
= ?
lurtnowski@gmail.com testint 0
boolean [COLOR=#75507b]false
How can I check to make sure my server supports the placeholders?[/COLOR]
Yes, when i run the try/catch thing, I get
[COLOR=#000000][FONT=Times New Roman]Database error: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
[/FONT][/COLOR]
Do you have any other $STM on the page that are not commented out (from testing), e.g. $STM = $dbh->prepare($sql); Each query variable name should be unique. Example:
$STMa = $dbh->prepare($sqla);
$STMb = $dbh->prepare($sqlb);
$STMc = $dbh->prepare($sqlc);
Any difference if you bind the names in full quotes?
$STM->bindParam(":Email", $Email);
$STM->bindParam(":Password", $Password);
when I use " instead, seems to make no difference.
When I change the code to
<?php
session_start();
include("db/configPDO.php");
if(isset($_POST['email'],$_POST['password']))
{
$Email = $_POST['email'];
$Password = $_POST['password'];
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
$sql = "SELECT `type` FROM `members` WHERE `email` = :email AND `password` = :password";
$STM = $dbh->prepare($sql);
$STM->bindParam(":Email", $Email);
$STM->bindParam(":Password", $Password);
$STM->execute();
$count = $STM->rowCount();
$row = $STM -> fetch();
$STM->debugDumpParams();
echo "<br>".$sql."<br>";
echo $Email." ".$Password;
var_dump($count);
var_dump($row);
} catch (PDOException $e) {
//Only use line below during testing your query
echo "Database error: ".$e->getMessage();
}
echo "<br>".$sql."<br>";
echo $Email." ".$Password;
$dbh = null;
}
?>
I get
Database error: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
SELECT type
FROM members
WHERE email
= :email AND password
= :password
[COLOR=#000000][FONT=Times New Roman]lurtnowski@gmail.com test
How can the parameters not be defined when the variables are?[/FONT][/COLOR]
Do you have any other $STM on the page that are not commented out (from testing), e.g. $STM = $dbh->prepare($sql);
I see your casing is different. Why did you change that???
$sql = "SELECT `type` FROM `members` WHERE `email` = :email AND `password` = :password";
$STM = $dbh->prepare($sql);
$STM->bindParam(":Email", $Email);
$STM->bindParam(":Password", $Password);
Oh…, I tried to make everything lowercase. Forgot to change that too, sorry… it works now
(embarrassed)