Re: [PHP] A prepared statements question
Jim Lucas wrote: Jason Carson wrote: Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Its step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, 's', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header(location:admin.php); } else { echo Failure; } Any help is appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php For anyone reading this thread, here is the final code that I used... $link = mysqli_connect($hostname, $username, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, s, $adminuser); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $count = mysqli_stmt_num_rows($stmt); if($count==1){ header(location:admin.php); } else { echo Failure; } I hope not, because you have a parse error on your second line, mysqli_prepare() Might want to close your double-quoted string -- Jim Lucas Not to mention that I don't see $adminuser defined anywhere. If its from a form and register_globals are off, maybe $_POST['adminuser']. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
Jason Carson wrote: Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Its step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, 's', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header(location:admin.php); } else { echo Failure; } Any help is appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php For anyone reading this thread, here is the final code that I used... $link = mysqli_connect($hostname, $username, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, s, $adminuser); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $count = mysqli_stmt_num_rows($stmt); if($count==1){ header(location:admin.php); } else { echo Failure; } I hope not, because you have a parse error on your second line, mysqli_prepare() Might want to close your double-quoted string -- Jim Lucas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
On Sun, Jul 12, 2009 at 10:01 AM, Jason Carson ja...@jasoncarson.ca wrote: Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Its step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); No Password ? I hope you are only using the statement for determining the role of already logged in user. mysqli_stmt_bind_param($stmt, 's', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header(location:admin.php); } else { echo Failure; } Any help is appreciated. You forgot to mention the about the problem you are facing :), I am having problem statement is not good enough. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
Re: [PHP] A prepared statements question
Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Its step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, 's', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header(location:admin.php); } else { echo Failure; } Any help is appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php For anyone reading this thread, here is the final code that I used... $link = mysqli_connect($hostname, $username, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, s, $adminuser); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $count = mysqli_stmt_num_rows($stmt); if($count==1){ header(location:admin.php); } else { echo Failure; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
On Sun, 12 Jul 2009 15:25:15 -0400 (EDT), Jason Carson wrote: For anyone reading this thread, here is the final code that I used... $link = mysqli_connect($hostname, $username, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, s, $adminuser); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $count = mysqli_stmt_num_rows($stmt); if($count==1){ header(location:admin.php); } else { echo Failure; } You should always check for errors, so... /* without actually testing or checking against the manual */ $q = SELECT * FROM administrators WHERE adminusers=?; if ( $link = mysqli_connect($hostname, $username, $password, $database) $stmt = mysqli_prepare($link, $q) mysqli_stmt_bind_param($stmt, s, $adminuser) mysqli_stmt_execute($stmt) mysqli_stmt_store_result($stmt)) { $count = mysqli_stmt_num_rows($stmt); } else { /* Of course, at this point it would be nice to know which function failed. I don't think there is a neat way to find that out, and checking every function for errors would make the code look much much worse than using the old mysql[i]_query functions. Bleah. */ } /Nisse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
if ( $link = mysqli_connect($hostname, $username, $password, $database) $stmt = mysqli_prepare($link, $q) mysqli_stmt_bind_param($stmt, s, $adminuser) mysqli_stmt_execute($stmt) mysqli_stmt_store_result($stmt)) { $count = mysqli_stmt_num_rows($stmt); } else { /* Of course, at this point it would be nice to know which function failed. I don't think there is a neat way to find that out, and checking every function for errors would make the code look much much worse than using the old mysql[i]_query functions. Bleah. */ } /Nisse Not to sort of start (another) holy war on this list, but it's ugly blocks of code like this that pushed me into using PDO. This, IMO, is so much easier to read: try { $stmt = $pdo-prepare(); $stmt-bindValue(); $stmt-execute(); $stmt-numRows(); } catch (PDOException $p) { //do stuff } I would much rather try/catch exceptions than clutter up code with hundreds of if/elseif/else statements. This is just my opinion, of course :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
2009/7/12 Eddie Drapkin oorza...@gmail.com: This is just my opinion, of course :) Which is welcome. Preferrably, on the php-db@ list, but welcome nonetheless. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
[Redirected to PHP-DB: php...@lists.php.net] On Sun, Jul 12, 2009 at 00:31, Jason Carsonja...@jasoncarson.ca wrote: Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Its step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, 's', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header(location:admin.php); } else { echo Failure; } Any help is appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php