Hanif Nawawi

Reputation: 1

Cannot log in using a password that has been hashed

I'm trying to log in to the account by using the md5 password, but the error keeps showing an invalid parameter number. Is there anything wrong with my code?

<?php  

 include_once '../database.php';
 include_once 'reg_Customer.php';
 session_start();
 if(isset($_SESSION["CustomerName"]))  
      {  
        header("location:index.php");
      }

 try  
 {  
       $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
       $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      if(isset($_POST["login"]))  
      {  
           if(empty($_POST["CustomerName"]) || empty($_POST["CustomerPass"]))  
           {  
                $message = '<label>All fields are required</label>';  
           }  
           else  
           {  

                $query = "SELECT * FROM customer WHERE CustomerName = :CustomerName AND CustomerPass = ".md5(CustomerPass)."";
                $stmt = $conn->prepare($query);  
                $stmt->execute(  
                     array(  
                          'CustomerName'     =>     $_POST["CustomerName"],  
                         md5('CustomerPass')     =>     $_POST["CustomerPass"] 
                     )  
                );  
                $count = $stmt->rowCount();  
                if($count > 0)  
                {  
                    
                    $_SESSION["CustomerName"] = $_POST["CustomerName"];  
                   
                  

                     header("location:index.php");  
                }  
                else  
                {  
                     $message = '<label>Wrong Password</label>';  
                }  
           }  
      }  
 }  
 catch(PDOException $error)  
 {  
      $message = $error->getMessage();  
 }  
 ?>  

The error:

SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match the number of tokens

Upvotes: 0

Views: 89

Answers (1)

maio290

Reputation: 6742

You are actually setting the value already when defining the query:

[...] AND CustomerPass = ".md5(CustomerPass)."";

It has to be [...] AND CustomerPass = :CustomerPass.

Also, in your array, you use the MD5 hash function on the key, not the value. It has to be:

'CustomerPass'     =>     md5($_POST["CustomerPass"])

Other than that, don't use md5 as IMSoP already stated. password_hash is your friend, or other hash functions such as SHA2-512.

Upvotes: 2
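
An added example, not code from either post: the login check with the placeholder count matching the bound array (the mismatch behind HY093 in the question) and `password_hash()`/`password_verify()` in place of md5. It assumes an in-memory SQLite database standing in for the MySQL `customer` table, a constructed sample user, and a hypothetical helper named `verifyLogin`.

```php
<?php
// Added example: constructed in-memory SQLite database standing in for the
// question's MySQL `customer` table (assumption; needs the pdo_sqlite extension).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE customer (CustomerName TEXT PRIMARY KEY, CustomerPass TEXT)');

// Registration side: store a salted password_hash() value, never md5().
$insert = $conn->prepare(
    'INSERT INTO customer (CustomerName, CustomerPass) VALUES (:CustomerName, :CustomerPass)'
);
$insert->execute([
    'CustomerName' => 'alice', // constructed sample user
    'CustomerPass' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Hypothetical helper: true only if the name exists and the password matches.
function verifyLogin(PDO $conn, string $name, string $password): bool
{
    // One placeholder in the SQL, one key in the array: the counts match,
    // so HY093 cannot occur. The hash cannot be compared inside the query
    // because password_hash() salts randomly; fetch it and verify in PHP.
    $stmt = $conn->prepare('SELECT CustomerPass FROM customer WHERE CustomerName = :CustomerName');
    $stmt->execute(['CustomerName' => $name]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched the name.
    return is_string($hash) && password_verify($password, $hash);
}

var_dump(verifyLogin($conn, 'alice', 'correct horse'));  // right password
var_dump(verifyLogin($conn, 'alice', 'wrong'));          // wrong password
var_dump(verifyLogin($conn, 'nobody', 'correct horse')); // unknown user
```

In the question's script, call `session_regenerate_id(true)` before setting `$_SESSION["CustomerName"]` once the check succeeds. The PHP manual recommends a column of 255 characters for `password_hash()` output.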
