Reputation: 89
Can someone please take a look at this block of code? I am very new to the PDO method; for some reason this keeps causing a 500 error whenever I submit.
I have narrowed it down to this:
Could it be this part? $hash = $stmt['hash'];
    if(empty($response['error'])){
        $stmt = $db->prepare("SELECT * FROM Login WHERE username= :username"); // Prepare the query
        // Bind the parameters to the query
        $stmt->bindParam(':username', $username);
        //Carry out the query
        $stmt->execute();
        $hash = $stmt['hash'];
        $affectedRows = $stmt->rowCount(); // Getting affected rows count
        if($affectedRows != 1){
            $response['error'][] = "No User is related to the Username";
        }
        if(password_verify($password, $hash))
        {
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['userid'] = $stmt['ID'];
        }
        else
        {
            $response['error'][] = "Your password is invalid.";
        }
    }
If you need more info, please ask; I will be happy to supply anything I can.
Upvotes: 1
Views: 71
Reputation: 17289
Your code is really messy. Just to help you with a starting point:
    if (empty($response['error'])) {
        if (isset($_POST['username'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $stmt = $db->prepare("SELECT * FROM Login WHERE username= :username");
            $stmt->bindParam(':username', $username);
            $stmt->execute();
            // fetch() returns the matching row as an array, or false if there is none
            if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                $hash = $row['hash'];
                if(password_verify($password, $hash)) {
                    $_SESSION['username'] = $username;
                    // Read the ID from the fetched row, not from the statement object
                    $_SESSION['userid'] = $row['ID'];
                } else {
                    $response['error'][] = "Your password is invalid.";
                }
            } else {
                $response['error'][] = "No User is related to the Username";
            }
        } else {
            $response['error'][] = "Username is not set!";
        }
    }
Upvotes: 1
Reputation: 23892
You need to fetch the result of the query to have it accessible. I'm not sure this is your issue; I'd think $hash would just be set to Resource Id#x, not what you want but not a 500. Here's how to fetch, though (http://php.net/manual/en/pdostatement.fetch.php):

    $stmt = $db->prepare("SELECT * FROM Login WHERE username= :username"); // Prepare the query
    // Bind the parameters to the query
    $stmt->bindParam(':username', $username);
    // Carry out the query
    $stmt->execute();
    // If you will only be getting back one result, you don't need the while or hashes as an array
    while($result = $stmt->fetch(PDO::FETCH_ASSOC)){
        $hashes[] = $result['hash'];
    }
Here's a thread on enabling error reporting: PHP production server - turn on error messages

Also, you don't have to bind to pass values with PDO. You could also do:

    $stmt = $db->prepare("SELECT * FROM Login WHERE username= ?"); // Prepare the query
    $stmt->execute(array($username));
Upvotes: 1
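
Added example (not part of the question or either answer): the fetch-then-verify flow from this thread as one self-contained script, run against an in-memory SQLite database with constructed sample data. It assumes the pdo_sqlite extension; the table and column names follow the question, and `check_login()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
// Table and column names (Login, ID, username, hash) follow the question;
// check_login() is a hypothetical helper name.

function check_login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT ID, username, hash FROM Login WHERE username = :username');
    $stmt->execute([':username' => $username]);

    // $stmt is a PDOStatement object, not a row. Indexing it ($stmt['hash'])
    // raises "Cannot use object of type PDOStatement as array", a fatal error.
    // fetch() returns the row as an array, or false when nothing matched.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password both return null, so the caller can
    // show one message and the form does not reveal which usernames exist.
    if ($row === false || !password_verify($password, $row['hash'])) {
        return null;
    }
    return ['userid' => (int) $row['ID'], 'username' => $row['username']];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
// Throw exceptions so SQL errors surface instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Login (ID INTEGER PRIMARY KEY, username TEXT UNIQUE, hash TEXT)');
$insert = $db->prepare('INSERT INTO Login (username, hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$user, $pass]) {
    $login = check_login($db, $user, $pass);
    if ($login !== null) {
        // In a web request: session_regenerate_id(true), then set
        // $_SESSION['userid'] and $_SESSION['username'] from $login.
        echo "$user: logged in as ID {$login['userid']}\n";
    } else {
        echo "$user: invalid username or password\n";
    }
}
```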