sql bind value not sending anything

Question

Why wont this work i have been trying for days now following answers from here.

I tried hard coding the password into the statement and that worked but when i use the variable for the password it returns nothing.

I also have echos and prints everywhere to see what the variables are and they are correct as in password is indeed returning the pw string password

<?php
    include_once "db.php";
        $username = $_POST['user']; 
        $password = $_POST['pass'];

    echo "Username: "; 

    echo $username;
    echo "<br>";
    echo "Password: ";echo $password;
    echo "<br>";

    function GetPassword() {

        $db = getDataBase();
        $stmt = $db->prepare('SELECT username,password FROM userinfo WHERE username = :user AND password = :pass');
        $stmt->bindParam(':user',$username, PDO::PARAM_STR);
        $stmt->bindParam(':pass', $password, PDO::PARAM_STR);
        $stmt->execute();
        $results = $stmt->fetch(PDO::FETCH_ASSOC);
        foreach( $results as $row ){
          print_r( $row );
        }
        return $results;
    }

    $realpw = GetPassword();

    if($password ==  $realpw[0])
    {
        echo "Logged in";
        json_encode($usernameInput);
        echo $realpw[0];
    }else
    {
        echo "invalid username or password";
    }
    ?>

Answer 1

$username and $password are out of the scope of your function. You need to add them as parameters for this to work:

function GetPassword($username, $password) {

    $db = getDataBase();
    $stmt = $db->prepare('SELECT username,password FROM userinfo WHERE username = :user AND password = :pass');
    $stmt->bindParam(':user',$username, PDO::PARAM_STR);
    $stmt->bindParam(':pass', $password, PDO::PARAM_STR);
    $stmt->execute();
    $results = $stmt->fetch(PDO::FETCH_ASSOC);
    foreach( $results as $row ){
      print_r( $row );
    }
    return $results;
}

$realpw = GetPassword($username, $password);

Refer to: http://php.net/manual/en/language.variables.scope.php