CODEWITHSUNDEEP
phpmysqlmysqli
Jack
Jack

Reputation: 275

Trouble using mysqli_stmt_bind_result

I am trying to use mysqli_stmt_bind_result() but I think I am not using it correctly. The code below grabs the username and password and runs a query in the database and if it matches it is meant to echo back success.

However, when I print out the row it is empty. What might I be doing wrong?

I am not planing to use mysqli_stmt_get_result() I know how that works. I want to make use of mysqli_stmt_bind_result in this case.

<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    require 'dbh.inc.php';
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    if (empty($email) || empty($pass)) {
      header("Location: ../login.php?error=emptyfields");
      exit();
    }
    else {
      $sql = "SELECT idUsers, emailUsers, firstNameUsers, lastNameUsers, pwdUsers, bdayUsers FROM users WHERE emailUsers = ?";
      $stmt = mysqli_stmt_init($conn);
      if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo 'errorme';
        exit();
      }
      else {
        mysqli_stmt_bind_param($stmt ,"s", $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $id_Users ,$email_Users, $first_NameUsers, $last_NameUsers, $pass_word, $bday_Users);
        if ($row=mysqli_stmt_fetch($stmt)) {
          $message = $row["$email"];
          echo "<script type='text/javascript'>alert('$message');</script>";
          $pwdCheck = password_verify($pass, $row['pwdUsers']);
          if ($pwdCheck == false) {
            echo 'wrongpass';
            exit();
          }
          else if($pwdCheck == true) {
            session_start();
            $_SESSION['userId'] = $row['idUsers'];
            $_SESSION['userName'] = $row['firstNameUsers'];
            echo 'success';
            exit();
          }
          else {
            echo 'noresults';
            exit();
          }
        }
        else {
          echo 'nouser';
          exit();
        }
      }
    }
}
else {
  header("Location: ../login.php");
  exit();
}
?>

Upvotes: 1

Views: 212

Answers (1)

Qirel
Qirel

Reputation: 26450

You bind the results through mysqli_stmt_bind_result(), and these are the variables which will hold the values once your results are fetched.

Your fetch() function returns a boolean, and not a result (unlike the non-prepared queries).

if (mysqli_stmt_fetch($stmt)) {
     $message = $email_Users;
     echo "<script type='text/javascript'>alert('$message');</script>";
     $pwdCheck = password_verify($pass, $pass_word);

The same goes for any place you attempt to use $row - you have to use the variables that are assigned in mysqli_stmt_bind_result() (so $id_Users instead of $row['idUsers'], $first_NameUsers instead of $row['firstNameUsers'] and so on).

See the documentation for each method for more details.

Upvotes: 2

Related Questions