CODEWITHSUNDEEP
phpmysqlmysqliprepared-statement
user234159
user234159

Reputation: 928

mysql prepared statement is not working

I'm new to MySQL. I created a login page that will run PHP to query the database.

I want to make a prepared statement to prevent SQL injection but it is not working. $result gives me 0.

cgi-bin/welcome.php

<?php
$email= $_POST["email"];
$pwd = $_POST["password"];

$dbh=mysqli_connect("localhost",
"zzengnin",<password>,"zzengnin_wheel")
or die ('Database is not able to connect');

$qry= "SELECT email FROM Info WHERE email=? AND pw=?";

if ($stmt = mysqli_prepare($link, $qry)) {
    mysqli_stmt_bind_param($stmt, "ss", $email, $pwd);
    mysqli_stmt_execute($stmt);

    mysqli_stmt_bind_result($stmt, $result);
    mysqli_stmt_fetch($stmt);
    printf("result email  is %s\n", $result);
}


if(mysqli_num_rows($result)>0)
{
    echo "Welcome! '$email', you are officially logged in! ";
}
else{
    echo "Your Email or Password is WRONG!!!!";

    echo $result + " result";
}
mysqli_stmt_close($stmt);
mysqli_close($dbh);
?>

This is the form login.php

<!DOCTYPE html>
<head><title>Wheel Sharing</title>
<link rel = "stylesheet" type = "text/css" href = "CSS/style.css">
</head>
<body>
<h1>Log in</h1>

<form action="cgi-bin/welcome.php" method="post">
Email:  <input name="email" type="text" size="20"/>
<br/>
Password: <input name="password" type="password" >
<br/>
<input type="submit" value="Login"/> <input type="reset" value="Reset"/>

</form>

</body>
</html>

All help appreciated:)

Upvotes: 0

Views: 151

Answers (1)

Edward Manda
Edward Manda

Reputation: 579

Change this: 

mysqli_stmt_execute($stmt);

To this:

$result = mysqli_stmt_execute($stmt);

Upvotes: 1

Related Questions