
PHP putting database info into variable

  • 04-12-2017 8:11pm
    #1
    Registered Users Posts: 5


    Hi, trying to select the user information and store it in an array. Can anyone see what's wrong?

    <?php

    session_start();

    include_once 'test.php';


    $email = $_POST['email'];
    $password = $_POST['password'];

    // Call the login stored procedure and put into array
    $user = $mysqli->query("CALL LoginUser('$email','$password')", MYSQLI_STORE_RESULT);

    //Get number rows
    $rows = mysqli_num_rows($user);

    if($rows > 0){

    //Store all the users info in session variables
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;

    //Redirect user to logged in home page
    header('Location: home.php');

    // If no results are found redirect user to noAccount page
    } else {
    header('Location: noAccount.php');
    }

    ?>


Comments

  • Registered Users Posts: 8,488 ✭✭✭Goodshape


    // Get data from MySQL query
    $user = mysqli_fetch_array($user);


    Also you should look into sanitizing your POST data to protect from SQL injection.


  • Registered Users Posts: 7,468 ✭✭✭Evil Phil


    Is there an error message?


  • Registered Users Posts: 6,016 ✭✭✭Talisman


    Your first mistake is using MySQLi to do database access; it's a nasty, unforgiving bunch of functions with both object-oriented and procedural versions. It dates from a time when PHP was migrating from procedural to object-oriented style code (2000/2001). If you are learning PHP for the first time, save yourself from the trauma of dealing with the crap code you will without doubt find when you google the subject matter. PDO (PHP Data Objects) has become the preferred way to do database access with PHP.

    Here is your database query using PDO:
    // Read the submitted credentials from the login form
    $email = $_POST['email'];
    $password = $_POST['password'];

    // PDO + MySQL
    $conn = new PDO('mysql:host=localhost;dbname=database', 'user', 'password');

    // Placeholders keep the input out of the SQL text
    $sql = 'CALL LoginUser(?, ?)';
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(1, $email);
    $stmt->bindParam(2, $password);
    $stmt->execute();
    // result is an array indexed by column name
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    

    Use of parameter binding makes things more secure. See PHP Security Cheat Sheet
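
Added example, not part of any post in this thread: the question's interpolated lookup beside the bound form from the PDO reply, run against the same constructed input, followed by a login function that returns a plain array suitable for session storage. Assumptions: SQLite in memory stands in for the MySQL database, a plain SELECT stands in for the LoginUser procedure, and the table, column names, sample account and password_hash storage are constructed for illustration.

```php
<?php
declare(strict_types=1);

// SQLite in memory stands in for the thread's MySQL database (assumption).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)');

// Constructed sample account; only a hash of the password is stored.
$conn->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
     ->execute(['alice@example.com', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Pattern from the question: user input is pasted into the SQL text.
function find_user_interpolated(PDO $conn, string $email): ?array
{
    $sql = "SELECT id, email, password_hash FROM users WHERE email = '$email'";
    $row = $conn->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Pattern from the PDO reply: input travels as a bound value, never as SQL.
function find_user_bound(PDO $conn, string $email): ?array
{
    $stmt = $conn->prepare('SELECT id, email, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // fetch the row into an array first
    return $row ?: null;
}

// Returns the fields to copy into $_SESSION, or null when the login fails.
function login(PDO $conn, string $email, string $password): ?array
{
    $user = find_user_bound($conn, $email);
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return null;
    }
    return ['id' => (int) $user['id'], 'email' => $user['email']];
}

// Constructed input: not the email of any account in the table.
$crafted = "nobody@example.com' OR '1'='1";

var_dump(find_user_interpolated($conn, $crafted) !== null);
var_dump(find_user_bound($conn, $crafted) !== null);
var_dump(login($conn, 'alice@example.com', 'constructed-password'));
var_dump(login($conn, $crafted, 'anything'));
```

The interpolated lookup returns the sample account's row for an input that is no account's email, because the quote characters become part of the SQL; the bound lookup treats the same input as a literal value and finds nothing.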


  • Registered Users Posts: 5 BlueBallons


    Sorry for the late reply. Thanks for the help and feedback, but I have solved the problem!

