Re: [PHP] A prepared statements question
Jim Lucas wrote:
Jason Carson wrote:
Hello everyone,
I am having a problem getting my prepared statements working. Here is my
setup...
index.php - authenticate.php - admin.php
1)index.php has a login form on it so when someone enters their username
the form redirects to another page I call authenticate.php.
2)In the authenticate.php file I want to use prepared statements to
interact with the MySQL database. I want to compare the username
submitted
from the form with the username in the database.
3)If the login username was legitimate then you are forwarded to
admin.php
Its step 2 I am having problems with. Here is what I have but I don't
think it makes any sense and it doesn't work.
$link = mysqli_connect($hostname, $dbusername, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, 's', $username);
$result = mysqli_stmt_execute($stmt);
$count=mysqli_num_rows($result);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
Any help is appreciated.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
For anyone reading this thread, here is the final code that I used...
$link = mysqli_connect($hostname, $username, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, s, $adminuser);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$count = mysqli_stmt_num_rows($stmt);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
I hope not, because you have a parse error on your second line,
mysqli_prepare()
Might want to close your double-quoted string
--
Jim Lucas
Not to mention that I don't see $adminuser defined anywhere. If its
from a form and register_globals are off, maybe $_POST['adminuser'].
--
Thanks!
-Shawn
http://www.spidean.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
Jason Carson wrote:
Hello everyone,
I am having a problem getting my prepared statements working. Here is my
setup...
index.php - authenticate.php - admin.php
1)index.php has a login form on it so when someone enters their username
the form redirects to another page I call authenticate.php.
2)In the authenticate.php file I want to use prepared statements to
interact with the MySQL database. I want to compare the username submitted
from the form with the username in the database.
3)If the login username was legitimate then you are forwarded to admin.php
Its step 2 I am having problems with. Here is what I have but I don't
think it makes any sense and it doesn't work.
$link = mysqli_connect($hostname, $dbusername, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, 's', $username);
$result = mysqli_stmt_execute($stmt);
$count=mysqli_num_rows($result);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
Any help is appreciated.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
For anyone reading this thread, here is the final code that I used...
$link = mysqli_connect($hostname, $username, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, s, $adminuser);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$count = mysqli_stmt_num_rows($stmt);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
I hope not, because you have a parse error on your second line, mysqli_prepare()
Might want to close your double-quoted string
--
Jim Lucas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
On Sun, Jul 12, 2009 at 10:01 AM, Jason Carson ja...@jasoncarson.ca wrote:
Hello everyone,
I am having a problem getting my prepared statements working. Here is my
setup...
index.php - authenticate.php - admin.php
1)index.php has a login form on it so when someone enters their username
the form redirects to another page I call authenticate.php.
2)In the authenticate.php file I want to use prepared statements to
interact with the MySQL database. I want to compare the username submitted
from the form with the username in the database.
3)If the login username was legitimate then you are forwarded to admin.php
Its step 2 I am having problems with. Here is what I have but I don't
think it makes any sense and it doesn't work.
$link = mysqli_connect($hostname, $dbusername, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
No Password ? I hope you are only using the statement for determining the
role of already logged in user.
mysqli_stmt_bind_param($stmt, 's', $username);
$result = mysqli_stmt_execute($stmt);
$count=mysqli_num_rows($result);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
Any help is appreciated.
You forgot to mention the about the problem you are facing :), I am having
problem statement is not good enough.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Zareef Ahmed :: A PHP Developer in India ( Delhi )
Homepage :: http://www.zareef.net
Re: [PHP] A prepared statements question
Hello everyone,
I am having a problem getting my prepared statements working. Here is my
setup...
index.php - authenticate.php - admin.php
1)index.php has a login form on it so when someone enters their username
the form redirects to another page I call authenticate.php.
2)In the authenticate.php file I want to use prepared statements to
interact with the MySQL database. I want to compare the username submitted
from the form with the username in the database.
3)If the login username was legitimate then you are forwarded to admin.php
Its step 2 I am having problems with. Here is what I have but I don't
think it makes any sense and it doesn't work.
$link = mysqli_connect($hostname, $dbusername, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, 's', $username);
$result = mysqli_stmt_execute($stmt);
$count=mysqli_num_rows($result);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
Any help is appreciated.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
For anyone reading this thread, here is the final code that I used...
$link = mysqli_connect($hostname, $username, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, s, $adminuser);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$count = mysqli_stmt_num_rows($stmt);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
On Sun, 12 Jul 2009 15:25:15 -0400 (EDT), Jason Carson wrote:
For anyone reading this thread, here is the final code that I used...
$link = mysqli_connect($hostname, $username, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, s, $adminuser);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$count = mysqli_stmt_num_rows($stmt);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
You should always check for errors, so...
/* without actually testing or checking against the manual */
$q = SELECT * FROM administrators WHERE adminusers=?;
if ( $link = mysqli_connect($hostname, $username, $password, $database)
$stmt = mysqli_prepare($link, $q)
mysqli_stmt_bind_param($stmt, s, $adminuser)
mysqli_stmt_execute($stmt)
mysqli_stmt_store_result($stmt))
{
$count = mysqli_stmt_num_rows($stmt);
} else {
/* Of course, at this point it would be nice to know which
function failed. I don't think there is a neat way to
find that out, and checking every function for errors
would make the code look much much worse than using the
old mysql[i]_query functions. Bleah. */
}
/Nisse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
if ( $link = mysqli_connect($hostname, $username, $password, $database)
$stmt = mysqli_prepare($link, $q)
mysqli_stmt_bind_param($stmt, s, $adminuser)
mysqli_stmt_execute($stmt)
mysqli_stmt_store_result($stmt))
{
$count = mysqli_stmt_num_rows($stmt);
} else {
/* Of course, at this point it would be nice to know which
function failed. I don't think there is a neat way to
find that out, and checking every function for errors
would make the code look much much worse than using the
old mysql[i]_query functions. Bleah. */
}
/Nisse
Not to sort of start (another) holy war on this list, but it's ugly
blocks of code like this that pushed me into using PDO.
This, IMO, is so much easier to read:
try {
$stmt = $pdo-prepare();
$stmt-bindValue();
$stmt-execute();
$stmt-numRows();
} catch (PDOException $p) {
//do stuff
}
I would much rather try/catch exceptions than clutter up code with
hundreds of if/elseif/else statements.
This is just my opinion, of course :)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
2009/7/12 Eddie Drapkin oorza...@gmail.com: This is just my opinion, of course :) Which is welcome. Preferrably, on the php-db@ list, but welcome nonetheless. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
[Redirected to PHP-DB: php...@lists.php.net]
On Sun, Jul 12, 2009 at 00:31, Jason Carsonja...@jasoncarson.ca wrote:
Hello everyone,
I am having a problem getting my prepared statements working. Here is my
setup...
index.php - authenticate.php - admin.php
1)index.php has a login form on it so when someone enters their username
the form redirects to another page I call authenticate.php.
2)In the authenticate.php file I want to use prepared statements to
interact with the MySQL database. I want to compare the username submitted
from the form with the username in the database.
3)If the login username was legitimate then you are forwarded to admin.php
Its step 2 I am having problems with. Here is what I have but I don't
think it makes any sense and it doesn't work.
$link = mysqli_connect($hostname, $dbusername, $password, $database);
$stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE
adminusers=?);
mysqli_stmt_bind_param($stmt, 's', $username);
$result = mysqli_stmt_execute($stmt);
$count=mysqli_num_rows($result);
if($count==1){
header(location:admin.php);
} else {
echo Failure;
}
Any help is appreciated.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
