PHP putting database info into variable

  • 04-12-2017 08:11PM
    #1
    Registered Users, Registered Users 2 Posts: 5


    Hi, trying to select the user information and store it in an array, can anyone see what's wrong?

    <?php

    session_start();

    include_once 'test.php';


    $email = $_POST['email'];
    $password = $_POST['password'];

    // Call the login stored procedure and put into array
    $user = $mysqli->query("CALL LoginUser('$email','$password')", MYSQLI_STORE_RESULT);

    //Get number rows
    $rows = mysqli_num_rows($user);

    if($rows > 0){

    //Store all the users info in session variables
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;

    //Redirect user to logged in home page
    header('Location: home.php');

    // If no results are found redirect user to noAccount page
    } else {
    header('Location: noAccount.php');
    }

    ?>


Comments

  • Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭Goodshape


    // Get data from MySQL query
    $user = mysqli_fetch_array($user);


    Also you should look into sanitizing your POST data to protect from SQL injection.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    Is there an error message?


  • Registered Users, Registered Users 2 Posts: 7,151 ✭✭✭Talisman


    Your first mistake is using MySQLi to do database access, it's a nasty unforgiving bunch of functions with both object-oriented and procedural versions. It dates from a time when PHP was migrating from procedural to object oriented style code (2000/2001). If you are learning PHP for the first time, save yourself from the trauma of dealing with the crap code you will without doubt find when you google the subject matter. PDO (PHP Data Objects) has become the preferred way to do database access with PHP.

    Here is your database query using PDO:
    $email = $_POST['email'];
    $password = $_POST['password'];
    
    // PDO + MySQL
    $conn = new PDO('mysql:host=localhost;dbname=database', 'user', 'password');
    
    $sql = 'CALL LoginUser(?, ?)';
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(1, $email);
    $stmt->bindParam(2, $password);
    $stmt->execute();
    // result is an array indexed by column name
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    

    Use of parameter binding makes things more secure. See PHP Security Cheat Sheet
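
The two fixes suggested in this thread (fetch the row before using it, and bind the input instead of pasting it into the SQL string), shown side by side as an added example that is not code from any poster. Assumptions: an in-memory SQLite database and a plain SELECT stand in for MySQL and the `LoginUser` procedure, whose body the thread does not show; the table, column names, sample row and `password_hash()` storage are constructed for the demo.

```php
<?php
// Added example. Constructed data; SQLite in memory stands in for MySQL and a
// plain SELECT stands in for the LoginUser procedure, whose body is not shown.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute(["pat.o'brien@example.com", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Pattern from the question: the input is pasted into the SQL text.
function find_user_concat(PDO $db, string $email): ?array
{
    $res = $db->query("SELECT id, email FROM users WHERE email = '$email'");
    $row = $res->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Bound parameter: the value travels as data and is never parsed as SQL.
function find_user_bound(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // the row, not the statement object
    $stmt->closeCursor();
    return $row === false ? null : $row;
}

// Assumption: passwords are stored with password_hash() and checked in PHP.
function login(PDO $db, string $email, string $password): ?array
{
    $user = find_user_bound($db, $email);
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return null; // same result for unknown email and wrong password
    }
    unset($user['password_hash']); // keep the hash out of anything stored in the session
    return $user;
}

$email = "pat.o'brien@example.com"; // a legitimate address containing a quote
try {
    find_user_concat($db, $email);
    echo "concat: ok\n";
} catch (PDOException $e) {
    echo "concat: the quote in the input changed the SQL and the query failed\n";
}
var_dump(login($db, $email, 'correct horse'));
var_dump(login($db, $email, 'wrong'));
```

The array returned by `login()` is what belongs in `$_SESSION`, one named column at a time, rather than the query result object the original code assigned.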


  • Registered Users, Registered Users 2 Posts: 5 BlueBallons


    Sorry for the late reply, thanks for the help and feedback, but I have solved the problem!

