Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PHP putting database info into variable

  • 04-12-2017 7:11pm
    #1
    Registered Users, Registered Users 2 Posts: 5


    Hi try to select the user information and store it in a array can anyone see whats wrong.

    <?php

    session_start();

    include_once 'test.php';


    $email = $_POST;
    $password = $_POST;

    // Call the login stored procedure and put into array
    $user = $mysqli->query("CALL LoginUser('$email','$password')", MYSQLI_STORE_RESULT);

    //Get number rows
    $rows = mysqli_num_rows($user);

    if($rows > 0){

    //Store all the users info in session variables
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;
    $_SESSION = $user;

    //Redirect user to logged in home page
    header('Location: home.php');

    // If no results are found redirect user to noAccount page
    } else {
    header('Location: noAccount.php');
    }

    ?>


Comments

  • Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭Goodshape


    // Get data from MySQL query
    $user = mysqli_fetch_array($user);


    Also you should look into sanitizing your POST data to protect from SQL injection.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    Is there an error message?


  • Registered Users, Registered Users 2 Posts: 6,286 ✭✭✭Talisman


    Your first mistake is using MySQLi to do database access, it's a nasty unforgiving bunch of functions with both object-oriented and procedural versions. It dates from a time when PHP was migrating from procedural to object oriented style code (2000/2001). If you are learning PHP for the first time, save yourself from the trauma of dealing with the crap code you will without doubt find when you google the subject matter. PDO (PHP Data Objects) has become the preferred way to do database access with PHP.

    Here is your database query using PDO:
    $email = $_POST['email'];
    $password = $_POST['password'];
    
    // PDO + MySQL
    $conn = new PDO('mysql:host=localhost;dbname=database', 'user', 'password');
    
    $sql = 'CALL LoginUserl(?, ?)';
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(1, $email);
    $stmt->bindParam(2, $password);
    $stmt->execute();
    // result is an array indexed by column name
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    

    Use of parameter binding makes things more secure. See PHP Security Cheat Sheet


  • Registered Users, Registered Users 2 Posts: 5 BlueBallons


    Sorry for late reply thanks for help and feedback but i have solved the problem!


Advertisement