...

View Full Version : The Prepared Statement Is Not Getting Set



Joseph Witchard
11-30-2008, 06:30 AM
<?php

// start the session

session_name('uhoh');
session_set_cookie_params(900);
session_start();

// require the connection and salt settings

require_once("path_to_connection");

require_once("path_to_salt");

$conn = my_access;

// process the form

if (array_key_exists('submit', $_POST) && !empty($_POST['submit']))
{

// begin check to see if the fields are set

$fields = array
(

// true = required, false = expected

'user' => true,
'pwd' => true

);

function trim_value(&$value) // function from php.net
{

$value = trim($value);

}

// create an empty array for missing elements

$missing = array();

foreach ($fields as $field => $expected)
{

if (!isset($_POST[$field]) && $expected)
{

$missing[] = $field;

}

else // clean up
{

if (is_array($_POST[$field]))
{

array_walk($_POST[$field], 'trim_value');

}

else
{

$_POST[$field] = trim($_POST[$field]);

}

}

}

if (empty($missing))
{

$username = $_POST['user'];
$password = $_POST['pwd'];
$password = md5($salt. md5($password . $salt));

$query = "SELECT `user_id`, `admin`, `username`, `pwd` FROM `users` WHERE `username` = ? AND `pwd` = ? LIMIT 1";




if ($stmt = $conn->prepare($query))
{

// bind the parameters

$stmt->bind_param('ss', $newUser, $newPwd);

$newUser = $username;
$newPwd = $password;



if ($stmt->execute())
{

// bind the results

$stmt->bind_result($jID, $jAdmin, $jName, $jPwd);

if ($stmt->fetch())
{

// check to see if he's an Admin

if ($jAdmin != 1)
{

$notJonathan = true;

exit;

}

else
{

$_SESSION['jonathan'] = true;
$_SESSION['id'] = $jID;
$_SESSION['name'] = $jName;

// redirect him

header("Location: https://uhrebirth.com/staff/death.php");

}

}

else
{

// could find the data

$noExistence = true;

}

}

else
{

$noExecution = true;

}

$stmt->close();

}

}

$conn->close();

}

?>



For some reason, the $stmt variable keeps returning false, And I don't know why. Any ideas?

Fou-Lu
11-30-2008, 07:28 AM
Is $conn a typeof MySQLi or MySQLi_Stmt? I assume that $conn is of type mysqli which means you need to create a statement object first with $conn->stmt_init();
The result can then use the ->prepare method.

Try that out, post back you're findings, I don't use a lot of MySQLi (except really as if it were MySQL :P)


I lied; I found the method on the actual MySQLi object.

Can you post which line in specific it is? I assumed it was this:
if ($stmt = $conn->prepare($query))
but can you confirm that please?

Oh, and I also assumed that you're connection was open. Double check that, it will catch you every time, trust me ;)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum