Redirecting?

PHP
21

Can you show the configPDO.php file please, obvously replace passwords and sensitive stuff. It seems strange that when you call your “execute or die(print_r(…))” statement it’s calling print_r, which I interpret to mean that there’s a problem with the execute() function.

22

Yes, I was referring to where you are comparing the user type to 0 or 1 to determine which redirect to use.

$row['type'] == 0

You were missing the row KEY ‘type’.

23

sure, here is the configpdo.php-

<?php// mysql hostname
$hostname = 'localhost';
// mysql username
$username = 'root';
// mysql password
$password = '';
// Database Connection using PDO
try {
$dbh = new PDO("mysql:host=$hostname;dbname=signinpdo", $username, $password);


    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }
//If we will not use catch statement, then in case of error zend engine terminate the script and display a back trace. This back trace will likely reveal the full database connection details, including the username and password.  
?>
24

So what is not working for you and can you post your latest code? The version I made on post #19 works on tests I ran.

25

sure,
Heres the page the login for is submitted to


session_start();


$hostname = 'localhost';


$username = 'root';


$password = '';
// Database Connection using PDO
try {
$dbh = new PDO("mysql:host=$hostname;dbname=signinpdo", $username, $password);


    }
catch(PDOException $e)
    {
    echo $e-&gt;getMessage();
    }



ini_set('display_errors',1);
error_reporting(E_ALL);

$Email=$_POST['email'];
$Password=$_POST['password'];


$sql =  "SELECT `type` FROM `Members` WHERE `email` = :Email AND `password` = :Password";


$STM = $dbh-&gt;prepare($sql);


$STM-&gt;bindParam(':Email', $Email);
$STM-&gt;bindParam(':Password', $Password);
$STM-&gt;execute();
$count = $STM-&gt;rowCount();


$row  = $STM -&gt; fetch();


$STM-&gt;debugDumpParams();


echo "&lt;br&gt;".$sql."&lt;br&gt;";
echo $Email." ".$Password;
var_dump($count);
var_dump($row);

Heres the result

SQL: [78] SELECT type FROM Members WHERE email = :Email AND password = :PasswordParams: 2Key: Name: [6] :Emailparamno=-1name=[6] ":Email"is_param=1param_type=2Key: Name: [9] :Passwordparamno=-1name=[9] ":Password"is_param=1param_type=2
SELECT type FROM Members WHERE email = :Email AND password = :Password
*****@gmail.com testint 0
boolean [COLOR=#75507b]false

[/COLOR]Is it working for you?

26

Yes. I get

int(1) array(2) { ["type"]=> string(1) "1" [0]=> string(1) "1" }

So for my test query it is returning one record with the value of 1 for the type.

You do have that all wrapped in an IF statement that checks for POST so it’s not run before hand right?

…and I assume the table name and field names are as specified with regards to casing?
…and DB connection is good?

27

Not sure but should:

echo "<br>".$sql."<br>";

not be:

echo "<br>".$STM."<br>";
28

wouldn’t this give me an error if the connection doesn’t work
(its in my configPDO.php


try {$dbh = new PDO("mysql:host=$hostname;dbname=shoresrentals", $username, $password);
    }catch(PDOException $e)    {    echo $e->getMessage();    }

Can you take a look at my screenshot and you can see my table, members has a user email of lurtnowski@gmail.com with a password of test

the second screenshot is the result of this


session_start();
include("db/configPDO.php");


ini_set('display_errors',1); 
error_reporting(E_ALL);
 
$Email=$_POST['email']; 
$Password=$_POST['password']; 


$sql =  "SELECT `type` FROM `members` WHERE `email` = :Email AND `password` = :Password";


$STM = $dbh-&gt;prepare($sql);


$STM-&gt;bindParam(':Email', $Email);
$STM-&gt;bindParam(':Password', $Password);
$STM-&gt;execute();
$count = $STM-&gt;rowCount();


$row  = $STM -&gt; fetch();


$STM-&gt;debugDumpParams();  


echo "&lt;br&gt;".$sql."&lt;br&gt;";
echo $Email." ".$Password;
var_dump($count);
var_dump($row);

should I wrap the whole thing in


if(isset($_POST['submit'])) 
{
...
...
...
}
29

Does your server not support named place holders? How about with ? instead?

if(isset($_POST['submit']))
{
	$Email=$_POST['email'];
	$Password=$_POST['password'];
	
	
	$sql =  "SELECT `type` FROM `Members` WHERE `email` = ? AND `password` = ?";
	
	
	$STM = $dbh-&gt;prepare($sql);
	
	
	$STM-&gt;bindParam(1, $Email);
	$STM-&gt;bindParam(2, $Password);
	$STM-&gt;execute();
	$count = $STM-&gt;rowCount();
	
	
	$row  = $STM -&gt; fetch();
	
	
	$STM-&gt;debugDumpParams();
	
	
	echo "&lt;br&gt;".$sql."&lt;br&gt;";
	echo $Email." ".$Password;
	var_dump($count);
	var_dump($row);
		// Closing MySQL database connection
	    $dbh = null;	
}

Note: images were not approved yet to view.

30

And if you run this one within try/catch, does it show any error?

if(isset($_POST['email'],$_POST['password']))
{
	$Email=$_POST['email'];
	$Password=$_POST['password'];
	
	$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);	
	try {
		$sql =  "SELECT type FROM Members WHERE email = :Email AND password = :Password";
		
		
		$STM = $dbh->prepare($sql);
		
		$STM->bindParam(':Email', $Email);
		$STM->bindParam(':Password', $Password);
		$STM->execute();
		$count = $STM->rowCount();
		
		
		$row  = $STM -> fetch();
	} catch (PDOException $e) {	
		//Only use line below during testing your query
		echo "Database error: ".$e->getMessage();
		die;
	}
	
	
	$STM->debugDumpParams();
	
	
	echo "<br>".$sql."<br>";
	echo $Email." ".$Password;
	var_dump($count);
	var_dump($row);
	// Closing MySQL database connection
    $dbh = null;	
}
31

Still can’t see images. Are you sure the table name is Members and not members. Often table names need to be lowercase.

32

you cant see this image,

The table was changed to lowercase (I also changed it in the script, heres the result

Heres the result when I use the ? in place of the :things in the query

[FONT=Times New Roman][TABLE=“class: xdebug-error xe-warning”]
[TR]
[TH=“bgcolor: #f57900, colspan: 5, align: left”]COLOR=#FCE94F Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\wamp\www\shoresrentals\CheckLogin.php on line 17[/TH]
[/TR]
[TR]
[TH=“bgcolor: #e9b96e, colspan: 5, align: left”]Call Stack[/TH]
[/TR]
[TR]
[TH=“bgcolor: #eeeeec, align: center”]#[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Time[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Memory[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Function[/TH]
[TH=“bgcolor: #eeeeec, align: left”]Location[/TH]
[/TR]
[TR]
[TD=“bgcolor: #eeeeec, align: center”]1[/TD]
[TD=“bgcolor: #eeeeec, align: center”]0.0000[/TD]
[TD=“bgcolor: #eeeeec, align: right”]249328[/TD]
[TD=“bgcolor: #eeeeec”]{main}( )[/TD]
[TD=“bgcolor: #eeeeec”]…\CheckLogin.php:0[/TD]
[/TR]
[TR]
[TD=“bgcolor: #eeeeec, align: center”]2[/TD]
[TD=“bgcolor: #eeeeec, align: center”]0.0040[/TD]
[TD=“bgcolor: #eeeeec, align: right”]261472[/TD]
[TD=“bgcolor: #eeeeec”]execute ( )[/TD]
[TD=“bgcolor: #eeeeec”]…\CheckLogin.php:17[/TD]
[/TR]
[/TABLE]
[/FONT][/COLOR]SQL: [65] SELECT type FROM members WHERE email = ? AND password = ? Params: 2 Key: Name: [6] :Email paramno=-1 name=[6] “:Email” is_param=1 param_type=2 Key: Name: [9] :Password paramno=-1 name=[9] “:Password” is_param=1 param_type=2
SELECT type FROM members WHERE email = ? AND password = ?
lurtnowski@gmail.com testint 0
boolean [COLOR=#75507b]false

How can I check to make sure my server supports the placeholders?[/COLOR]

33

Yes, when i run the try/catch thing, I get

[COLOR=#000000][FONT=Times New Roman]Database error: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

[/FONT][/COLOR]

34

Do you have any other $STM on the page that are not commented out (from testing), e.g. $STM = $dbh->prepare($sql); Each query variable name should be unique. Example:
$STMa = $dbh->prepare($sqla);
$STMb = $dbh->prepare($sqlb);
$STMc = $dbh->prepare($sqlc);

Any difference if you bind the names in full quotes?


$STM->bindParam(":Email", $Email);
$STM->bindParam(":Password", $Password);
35

when I use " instead, seems to make no difference.
When I change the code to


&lt;?php
session_start();
include("db/configPDO.php");


if(isset($_POST['email'],$_POST['password']))  
{  
$Email = $_POST['email']; 
$Password = $_POST['password']; 
    $dbh-&gt;setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);     
    try { 
	$sql =  "SELECT `type` FROM `members` WHERE `email` = :email AND `password` = :password";


	$STM = $dbh-&gt;prepare($sql);
	
	$STM-&gt;bindParam(":Email", $Email);
	$STM-&gt;bindParam(":Password", $Password);
	$STM-&gt;execute();
	$count = $STM-&gt;rowCount();
	
	$row  = $STM -&gt; fetch();
	
	$STM-&gt;debugDumpParams();  
	
	echo "&lt;br&gt;".$sql."&lt;br&gt;";
	echo $Email." ".$Password;
	var_dump($count);
	var_dump($row);
    } catch (PDOException $e) {     
        //Only use line below during testing your query 
        echo "Database error: ".$e-&gt;getMessage(); 
    }  
echo "&lt;br&gt;".$sql."&lt;br&gt;";
echo $Email." ".$Password;


$dbh = null;
}
?&gt;

I get

Database error: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
SELECT type FROM members WHERE email = :email AND password = :password
[COLOR=#000000][FONT=Times New Roman]lurtnowski@gmail.com test

How can the parameters not be defined when the variables are?[/FONT][/COLOR]

36

Do you have any other $STM on the page that are not commented out (from testing), e.g. $STM = $dbh->prepare($sql);

I see your casing is different. Why did you change that???

$sql =  "SELECT `type` FROM `members` WHERE `email` = :email AND `password` = :password";


	$STM = $dbh-&gt;prepare($sql);
	
	$STM-&gt;bindParam(":Email", $Email);
	$STM-&gt;bindParam(":Password", $Password);
37

Oh…, I tried to make everything lowercase. Forgot to change that too, sorry… it works now
(embarrassed)