So I am bashing my head against the wall over a question which more than likely has a simple solution. Here is my code.
public function login($username, $password){
$sql = "SELECT * FROM users WHERE username = :user AND password = :pass";
$stmt = $this->pdo->prepare($sql);
$data = array('user' => $username, 'pass' => md5($password . $this->salt));
$stmt->execute($data);
$status = $stmt->fetchColumn();
if($status){
echo "You are Logged in!";
print_r($result);
} else {
echo $status;
$this->error['alert'] = "You have not entered the correct login information.";
Users::ErrorReport();
}
}
What I want to do is pull all of the data from that users row and store it in an array so that I can access it in order to store it to the class variables. I would like to do something similar to
while($row = $stmt->fetchAll()){
$this->username = $row['username'];
}
The problem when I do this is Ive run into a million nasty errors and cant find any solutions while searching the net.
Use fetch() instead of fetchAll()
while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$this->username = $row['username'];
}
or if you like, you can use fetchAll() this way
$result_array = $stmt->fetchAll(PDO::FETCH_ASSOC)
Update: Venu is right, it's a bit wasteful to use mixed (Numeric and Associative) if you're only gonna use associative. So it's a good idea to use PDO::FETCH_ASSOC
Related
I'm making a function that i have to check if a userid is in this table already: if not he has to get into another page yet. But for some reason I get "NULL" back instead of the number of the userID.
my class:
public function countHobbies($userID){
try{
$conn = Db::getConnection();
$statement = $conn->prepare("select * from hobby where userID = '".$userID."'");
$userID = $this->getUserID();
$statement->execute();
$aantal = $statement->fetchAll(PDO::FETCH_ASSOC); //
$aantal->execute();
}
catch(throwable $e){
$error = "Something went wrong";
}
}
and this is on my html page:
$userArray = $_SESSION['user_id'];
$userID = implode(" ", $userArray);
$hobby = new Hobby();
$count = $hobby->countHobbies($userID);
if($count == false){
echo "no";
//header('Location: hobby.php');
}
else{
echo "yes";
}
There are at least two things you need to fix:
Always use parameter binding on the SQL statement. It may not be a security problem in this particular instance, but do get into the habit of using prepared statements. Because otherwise you'll find yourself in situations where you should've but didn't. https://www.php.net/manual/en/security.database.sql-injection.php
The $userID variable must be assigned before it is used.
In the end, it could look like this:
$userID = $this->getUserID();
$statement = $conn->prepare("select * from hobby where userID = ?");
$statement->bind_param("s", $userID);
I am about to lose my mind.I dont have any php experince and I am struggling about php web service.
Here is my code;
<?php
private $username2 = "";
private $password2 = "";
private $DB_CONNECTION;
private $servername = "localhost";
private $username = "root";
private $password = "";
private $dbname = "dptest";
function __construct()
{
$this->DB_CONNECTION = mysqli_connect($this->servername, $this->username,
$this->password, $this->dbname);
}
function getUserType(){
$sql = "SELECT usertype FROM `login_test` WHERE username = '". $this->username2."'AND password = '".$this->password2."'";
$result = mysqli_query($this->DB_CONNECTION,$sql);
//$value = mysqli_fetch_array($result);
while(!is_null($value = mysqli_fetch_array($result))){
return $value['usertype'];
}
}
}
This is my function code.The other is my login code;
<?php
include_once 'Authentication.php';
use user\Authentication;
$auth = new Authentication();
$auth->prepare($_POST);
$userStatus = $auth->isUserValidToLogIn();
if ($userStatus) {
// user existed
// So log him to main page
$json['success'] = 1;
$json['message'] = 'access granted';
$json['usertype'] = $auth->getUserType();
echo json_encode($json);
} else {
$json['success'] = 0;
$json['message'] = 'error!';
echo json_encode($json);
}
I am trying to get the user's type but when try to get the data form phpmyadmin local database it only gives the first column's usertype.When I try to get 2nd,3rd,4th so on.. user's usertype it doesnt return anything and blank page shows up on postman app.
Also my database looks like this;
usertype username password
admin despro 1234
client test 1234
client despro2 1234
client despro3 1234
The reason you are only getting one column back is because you only request the one column. In order to get the columns you want you need to explicitly request them in your query or use '*' in order to get all columns back. So your query should look like this in order to get all columns from the data table:
$sql = "SELECT * FROM `login_test` WHERE username = '". $this->username2."'AND password = '".$this->password2."'";
In general, I highly recommend that you stop using MySQLi extension and start using PHP Data Objects (PDO). It makes it easy to use prepared statements. Which also makes your code safer.
Then your query could look something like this (this is NOT the complete code):
// connecting to db
$pdo = new PDO($dsn, $user, $pass, $opt);
$sql = 'SELECT *
FROM login_test
WHERE userName = :username
AND pass = :password;';
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':username', $username2, PDO::PARAM_STR);
$stmt->bindParam(':password', $password2, PDO::PARAM_STR);
$res = $stmt->execute();
if ($res) {
$response["userdata"] = array();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$myData = array();
$myData["usertype"] = $row["usertype"];
$myData["username"] = $row["username"];
array_push($response["userdata"], $myData);
}
}
Note that the code above is for returning multiple rows of data. If you just want the one row then use something like this:
if ($res) {
$response["userdata"] = array();
$myData = array();
$myData["usertype"] = $row["usertype"];
$myData["username"] = $row["username"];
array_push($response["userdata"], $myData);
}
removing the 'while' statement.
You might want to take a look at this answer I gave, recently. It is a comprehensive example of using a webservice from an Android app.
How to insert all the SQL table data into an array in java [android studio]
When I use the code below I get Undefined Index: email on $row['email']. If I grab the whole array with $row and print_r, it displays like it should.
Where am i going wrong ?
$stmt = $db->dbh->prepare("SELECT email FROM $this->table WHERE `email`= :email");
$stmt -> bindValue(':email', $email);
$stmt->execute();
while ($row = $stmt->fetchAll()){
return $row['email'];
}
$new = new Users;
echo $new->reset_password($email);
}
fetchAll returns a 2-dimensional array of all the results. To get just one row at a time, you should call $stmt->fetch(), not $stmt->fetchAll().
while ($row = $stmt->fetch()) {
...
}
But since you're returning, you shouldn't use a loop at all. The return statement will terminate the loop after the first iteration. Just use an if statement.
if ($row = $stmt->fetch()) {
return $row['email'];
}
This whole code doesn't make much sense -- $newemail is guaranteed to be the same as $email, why are you returning it? It probably should be:
if ($stmt->fetch()) { // Email was found
return true;
} else {
return false;
}
to check if the email entered in the db,
$stmt = $db->dbh->prepare("SELECT 1 FROM $this->table WHERE email= ?");
$stmt->execute([$email]);
return $stmt->fetchColumn();
You should use this code:
while ($row = $stmt->fetch()){
$newemail = $row['email'];
}
Instead of this code:
while ($row = $stmt->fetchAll()){
$newemail = $row['email'];
}
Method fetchAll() fetches all rows in a single call, method fetch() fetches only current row and moves pointer to the next row.
Documentation to method fetch() can be found here and documentation to method fetchAll can be found here.
I have a function which retrieves user information and stores it in variables like so within a class:
public function UserInformation() {
$query = "SELECT * FROM users WHERE username = '$this->user'";
try {
$stmt = $this->db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$rows = $stmt->fetch();
$email = $rows['email'];
$username = $rows['username'];
}
How would I then display a single variable from that function? I've tried echo $retrieveInfo->UserInformation->username; with no success, how would I do this?
You have defined local variables, that to be lost as soon as function ends its execution.
The more correct way of doing what you want would be to return the data from the function like:
$rows = $stmt->fetch();
return $rows;
And call the method like
$rows = $yourObject->UserInformation();
Or, if the object represents a particular user you could store the data retrieved in an instance members like:
$this->email = $rows['email'];
and then access them
$yourObject->email
This would work as well while the former is what I would prefer (I don't know the whole task though)
I'm trying to fetch results using mysqli->fetch_row() (or fetch_object(), fetch_array()), yet when I go to run the code at run time it gives me the following error:
Fatal error: Call to a member function fetch_row() on a non-object in...on line 23.
The var in question that does this is $results in the code below. $user and $password gain their values from another .php file that this file is being included in so that's not really important at the moment. Now correct me if I'm wrong but if $results is being set = to $db->query($query) then isn't it supposed to inherit the properties of $db aka the mysqli class?
class mySQLHelper{
public function checkPass($user, $pass){
global $db;
$db = new mysqli();
$db->connect('localhost', 'root', '', 'mydb');
if (mysqli_connect_errno()){
echo 'Can not connect to database';
echo mysqli_connect_errno(). mysqli_connect_error();
exit;
return false;
}
$query = "SELECT user, password FROM Users WHERE user = $user AND password = $pass " ;
echo $query;
$results = $db->query($query);
while ($row = $results->fetch_row()){
echo htmlspecialchars($row->user);
echo htmlspecialchars($row->password);
}
$results->close();
$url = 'http://'. $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/";
if(!$results){
// mysqli_close($db);
// header("Location:.$url.login.php&msg=1");
}
else{
// mysqli_close($db);
// header("Location:.$url.featured.php");
}
}
}
Your query is failing on this line:
$results = $db->query($query);
Because of this, $results is false - not a result object as you expect.
To fix the issue, you need to add quotes around your variables (or use prepared statements):
$query = "SELECT user, password FROM Users WHERE user = '".$user."' AND password = '".$pass."' " ;
I would suggest updating to use a prepared statement to prevent SQL-injection issues too though:
$stmt = $db->prepare('SELECT user, password FROM Users WHERE user = ? AND password = ?');
$stmt->bind_param('ss', $user, $pass);
$stmt->execute();
$results = $stmt->get_result();
You script is lacking error checking, and therefore the error in the query is not handled.
$query = "SELECT user, password FROM Users
WHERE user = '$user' AND password = '$pass' " ;
// ^ quotes needed
echo $query;
$results = $db->query($query);
// handle a error in the query
if(!$results)
die($db->error);
while ($row = $results->fetch_row()){
echo htmlspecialchars($row->user);
echo htmlspecialchars($row->password);
}
If you user & password field text or varchar, then you need to use single quote around them
$query = "SELECT user, password FROM Users WHERE user = '".$user."' AND password = '".$pass."' " ;
You have to check, if query runs properly:
if ($result = $mysqli->query($query))
{
}
Use: var_dump($results) to check what it contains
Why are you checking if($results) after trying to manipulate it?
This...
$results->close();
//...
if(!$results){
//...
}
Should be...
if(!$results){
//...
}
$results->close();