Reputation: 15458
I am new to PDO and have the following code which receives 2 PHP vars from a form and uses them in a query:
$loginemail = $_REQUEST['loginemail'] ;
$loginpassword = $_REQUEST['loginpassword'] ;
$logincheck = "SELECT * FROM `ft_gameusers` WHERE `email` = '$loginemail' AND `password` = '$loginpassword'";
$query = $modx->query($logincheck);
if ($query) {
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        echo $row['email'];
    }
}
The thing is, if I hard code the email and password variables into the MySQL query it works fine - it just doesn't seem to like them as PHP variables.
Does anyone know what I'm doing wrong? (PS: this is a snippet within ModX Revo)
EDIT: form tag:
<form id="loginform" action="mysite.com/formprocess" method="post">
Email:
<input type="text" id="loginemail" name="loginemail">
Password:
<input type="password" id="loginpassword" name="loginpassword">
<button type="submit">Login</button>
</form>
Upvotes: 0
Views: 647
Reputation: 3146
This is how you can bind your parameters using PDO/xPDO:
$loginemail = $_REQUEST['loginemail'] ;
$loginpassword = $_REQUEST['loginpassword'] ;
$logincheck = "SELECT * FROM `ft_gameusers` WHERE `email` = :loginemail AND `password` = :loginpassword";
$credentials = array(
    ':loginemail' => $loginemail,
    ':loginpassword' => $loginpassword,
);
$query = new xPDOCriteria($modx,$logincheck,$credentials);
if ($query->stmt && $query->stmt->execute()) {
    while ($row = $query->stmt->fetch(PDO::FETCH_ASSOC)) {
        echo $row['email'];
    }
}
http://php.net/manual/en/pdostatement.bindparam.php
Upvotes: 2
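The difference between the interpolated query in the question and the bound form in this answer, shown with plain PDO as an added example (not code from the thread). It assumes the pdo_sqlite extension and uses a constructed in-memory table and sample row; the function names findInterpolated and findBound are hypothetical.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for ft_gameusers.
// The plaintext password column only mirrors the schema used in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ft_gameusers (email TEXT PRIMARY KEY, password TEXT)');

// Constructed sample row; the address deliberately contains an apostrophe.
$seed = $pdo->prepare('INSERT INTO ft_gameusers (email, password) VALUES (:email, :password)');
$seed->execute([':email' => "pat.o'neil@example.com", ':password' => 'correct horse']);

// Interpolated form, as in the question: the submitted values become part of
// the SQL text, so any quote character in them changes how the query parses.
function findInterpolated(PDO $pdo, string $email, string $password): ?array
{
    $sql = "SELECT email FROM ft_gameusers WHERE email = '$email' AND password = '$password'";
    try {
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        echo "interpolated query rejected: ", $e->getMessage(), "\n";
        return null;
    }
    return $row ?: null;
}

// Bound form: the SQL text is fixed and the values are sent separately as data,
// so they are never parsed as SQL regardless of the characters they contain.
function findBound(PDO $pdo, string $email, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT email FROM ft_gameusers WHERE email = :email AND password = :password'
    );
    $stmt->execute([':email' => $email, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$email = "pat.o'neil@example.com";

echo "interpolated, correct password:\n";
var_dump(findInterpolated($pdo, $email, 'correct horse'));

echo "bound, correct password:\n";
var_dump(findBound($pdo, $email, 'correct horse'));

echo "bound, wrong password:\n";
var_dump(findBound($pdo, $email, 'wrong'));
```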
Reputation: 8828
Try changing FROM this
<button type="submit">Login</button>
TO
<input type="submit" id="submit" name="submit" value="Login">
This post explains that <button> is not always compatible and might just explain why your variables that get passed using post are empty on the other side.
FURTHER INFO on the html5 <button> element
Important: If you use the <button> element in an HTML form, different browsers may submit different values. Internet Explorer, prior version 9, will submit the text between the <button> and </button> tags, while other browsers will submit the content of the value attribute. Use the <input> element to create buttons in an HTML form.
Upvotes: 0
Reputation: 4494
I think Gautam's right here, try a couple of little tests to see what is actually going on:
// trim these just in case
$loginemail = trim($_REQUEST['loginemail']);
$loginpassword = trim($_REQUEST['loginpassword']);
$logincheck = "SELECT * FROM `ft_gameusers`
WHERE `email` = '$loginemail' AND `password` = '$loginpassword'";
// copy & run this in an sql editor:
echo $logincheck;
// then try Gautam's ~ correct the quotes syntax error after loginpassword
$logincheck2 = "SELECT * FROM `ft_gameusers`
WHERE `email` = '".$loginemail."' AND `password` = '".$loginpassword."'";
echo $logincheck2;
Upvotes: 0
Reputation: 28753
Try like this
$logincheck = "SELECT * FROM `ft_gameusers` WHERE `email` = '".$loginemail."' AND `password` = '".$loginpassword.'";
Upvotes: 0