I can't figure out what is wrong with these few lines:
if ( $stmt = $db->prepare('SELECT * FROM users WHERE username = ? LIMIT 1');
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
$stmt->fetch();
$stmt->num_rows == 1;
)
{
$errors[] = "Username is taken.";
}
if($stmt = $db->prepare('SELECT * FROM users WHERE username = ? LIMIT 1'))
{
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0)
{
$errors[] = "Username $username is taken.";
}
$stmt->free_result();
$stmt->close();
}
Not sure how you got your other code, but I think you want something like this:
$stmt = $db->prepare('SELECT * FROM users WHERE username = ? LIMIT 1');
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($res);
if($stmt->num_rows == 1)
{
$errors[] = "Username is taken.";
}
There's an unnecessary fetch in your original code, also
Related
I want to get num rows of this query. Now output is empty and I don't know what to do now...
EDITED
And I need to put to "?" text from input..
My code:
$stmt = $conn->prepare("SELECT email FROM users WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$num_rows = $stmt->num_rows;
$stmt->bind_result($email);
$stmt->fetch();
echo $email;
if ($num_rows > 0)
{
echo "Exists";
}
else
{
echo "doesnt exists";
}
$stmt->close();
$conn->close();
I create this code to check user login based in a form.
But is giving me erros..Is not finding nothing... just say "INVALID USERNAME/PASSWORD Combination!"
$uid = mysqli_real_escape_string($con, sanitize($_POST['email']));
$pwd = mysqli_real_escape_string($con, sanitize($_POST['password']));
if (empty($uid) || empty($pwd)) {
header("Location: ../member?fail=1");
exit();
} else {
$stmt = $con->prepare("SELECT email, password FROM public_users WHERE email = ? AND password = ?");
$stmt->bind_param('ss', $uid, $pwd);
$stmt->execute();
$stmt->bind_result($uid, $pwd);
$stmt->store_result();
if($stmt->num_rows == 1) {
if($stmt->fetch()) {
$secure_hash = password_verify($pwd, $stmt['password']);
if($secure_hash == false) {
echo "Combination!";
} else {
echo "PASSWORD Combination!";
}
}
} else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
}
$stmt->close();
Please help this is for an text tomorrow at school :(
You tried to get an email and a password from your database, but the password field already hashed.
$stmt = $con->prepare("SELECT email, password FROM public_users WHERE email = ? AND password = ?");
You should get a record only by email:
$stmt = $con->prepare("SELECT email, password, age FROM public_users WHERE email = ? ");
$stmt->bind_param('s', $uid);
$stmt->execute();
$stmt->bind_result($uid, $hashed_password, $age);
$stmt->store_result();
//.....
and next verify password:
$secure_hash = password_verify($pwd, $hashed_password);
I am trying to find out if a user exists in my database already, but no matter what I try, I always get the equivalent of a false.
$stmt = $connection->prepare("SELECT * FROM members WHERE member_username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
if($stmt->num_rows > 0) {
return 'user exists';
}
I know this has got to be something very simple... something I am clearly overlooking, but I always get that num_rows = 0, even though the user is in the database already.
Can someone please help?
Call get_result() or store_result() before call num_rows:
$stmt = $connection->prepare("SELECT * FROM members WHERE member_username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$res = $stmt->get_result(); //<--- HERE
if($res->num_rows > 0) { //<--- HERE
return 'user exists';
}
OR
$stmt->execute();
$stmt->store_result(); //<--- HERE
if($stmt->num_rows > 0) {
I have a interesting problem.
// in pdo with function --> not work
function UserIsExist($name)
{
global $db;
$stmt = $db->prepare("SELECT id FROM tarskereso_users WHERE email = '$name' LIMIT 1");
$stmt->execute();
if ($stmt->fetchColumn() == 1) return 1;
else return 0;
}
// with MySQLi --> not working
function UserIsExist($name)
{
global $db;
$stmt = $db->prepare("SELECT id,email FROM tarskereso_users WHERE email = ? LIMIT 1");
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1)
return 1;
else
return 0;
$stmt->close();
}
// In Register.php
... other ..
if(UserIsExist($user) == 1)
$error_msg = "Is Exist";
else
{
$birthdate = $year.'.'.$month.'.'.$day;
CreateUser($user,$pass,$birthdate,$sex);
$error_msg = 'Success';
}
So, with function not working, I try with:
$stmt = $db->prepare("SELECT id,email FROM tarskereso_users WHERE email = ? LIMIT 1");
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0)
... other ...
else
echo 'isnt exist...';
$stmt->close();
but not working, the num_rows always return 0. And the account in the database successfuly created
in pdo, num_rows won't work.
you have to use $sql->rowCount() method to get number of records in a table.
<?php
$sql = $con->prepare("<YOUR SQL QUERY HERE>");
$sql->execute();
if($sql->rowCount() > 0){
echo $sql->rowCount() ." rows found";
}
?>
I actually have this PHP code, which i use to obtain my database info..
function searchUserEmail($username, $raw_email){
//Prepare Statements
$query = "SELECT * FROM users WHERE username = ?";
$query2 = "SELECT * FROM users WHERE email = ?";
//Sanitize Input
$user = $this->conn->real_escape_string($username);
$email = $this->conn->real_escape_string($raw_email);
if($stmt = $this->conn->prepare($query)){
$stmt->bind_param('s', $user);
$stmt->execute();
if($stmt->num_rows > 0){
$stmt->close();
return true;
}
}
if($stmt = $this->conn->prepare($query2)){
$stmt->bind_param('s', $email);
$stmt->execute();
if($stmt->num_rows > 0){
$stmt->close();
return true;
}
}
return false;
}
I've tried this alot of times, ran it through a statement checker, still it doesn't work. Is there anything i'm missing???
Somehow it always returns a false (Even though its suppose to return true)
mysql_select_db($dataname,$conn);