Reputation: 230
Hi guys, I have a program built using mysql_* and I am trying to convert it to PDO for security and deprecation reasons.
So I have a load of mysql_* functions set up like
return select_from_where('users', '*', "username = '$username' AND password = '$pass'", "LIMIT 1");
Which I have converted to PDO
return $conn -> query("SELECT * FROM users WHERE username = '$username' AND password = '$pass' LIMIT 1");
However, the program does not feed the right result; I'm not sure if it is even returning data.
My question is, do I have to set the PDO response to a variable that I can then use, or is it possible to have it return values which I can use in my program using a similar method to above?
I have included global $conn for each function query so I'm sure it is connecting like it should, it's just not feeding the result as intended.
Does anyone have a quick fix for this issue, as my program is almost done and is pending release? :D
Thanks in advance
Luke
** EDIT LINE **
$sql = ("SELECT * FROM users WHERE username = '$username' AND password = '$pass' LIMIT 1");
$stm = $conn->prepare($sql);
$stm->execute(array($username,$pass));
$user = $stm->fetch();
echo $user['username'];
Upvotes: 1
Views: 133
Reputation: 157828
First, personally I see no point in having a function like select_from_where.
You actually save yourself nothing - you just moved the words "SELECT, FROM and WHERE" from the query to the function name, yet made this function extremely limited - say, no joins or stuff.
Second, the PDO::query() function shouldn't be used anyway - it doesn't support prepared statements.
So, the code has to be
global $conn;
$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1";
$stm = $conn->prepare($sql);
$stm->execute(array($username,$pass));
return $stm->fetch();
You also have to configure your PHP and PDO in order to be able to see every error that occurred.
Upvotes: 5
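The two points of the answer above (placeholders with prepare()/execute(), and making PDO errors visible), shown as an added example that is not code from the thread. It assumes the pdo_sqlite extension with an in-memory database; the helper names find_user and find_user_interpolated, the table layout and the sample rows are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes pdo_sqlite is available.
$conn = new PDO('sqlite::memory:', null, null, [
    // Failed queries throw PDOException instead of silently returning false.
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed sample data. Passwords are plain text only to mirror the
// thread's query; real code stores password_hash() output and checks it
// with password_verify().
$conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$ins = $conn->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['luke', 'pw1']);
$ins->execute(["o'brien", 'pw2']);

// Hypothetical helper: placeholders keep the values out of the SQL text.
function find_user(PDO $conn, string $username, string $pass)
{
    $stm = $conn->prepare('SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1');
    $stm->execute([$username, $pass]);
    return $stm->fetch(); // row as an array, or false when nothing matched
}

// The interpolated query from the question, kept only for comparison.
function find_user_interpolated(PDO $conn, string $username, string $pass)
{
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$pass' LIMIT 1";
    return $conn->query($sql)->fetch();
}

var_dump(find_user($conn, 'luke', 'pw1'));     // matching row
var_dump(find_user($conn, "o'brien", 'pw2'));  // apostrophe is bound as plain data
var_dump(find_user($conn, 'luke', 'wrong'));   // no match

try {
    // The same username changes the SQL text itself: the apostrophe ends the
    // string literal early and the statement no longer parses.
    find_user_interpolated($conn, "o'brien", 'pw2');
} catch (PDOException $e) {
    // Visible only because ERRMODE_EXCEPTION is set on the connection.
    echo 'query failed: ', $e->getMessage(), PHP_EOL;
}
```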
Reputation:
Change this
return $conn -> query("SELECT * FROM users WHERE username = '$username' AND password = '$pass' LIMIT 1");
to:
$username = 'user';
$password = 'password';
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1");
$stmt->execute(array($username, $password));
echo $stmt->rowCount();
Upvotes: 0