if(isset($_POST['login'])) {
  $username = stripcslashes($_POST['username']);
  $password = $_POST['password'];
  if($username != "" && $password != "") {
    try {
      $query = " SELECT password FROM users WHERE username=?";
      $stmt = $db->prepare($query);
      $stmt->bindParam('username', $username, PDO::PARAM_STR);
      $stmt->bindValue('password', $password, PDO::PARAM_STR);
      $count = $stmt->rowCount();
      $row   = $stmt->fetch(PDO::FETCH_ASSOC);
      if($count == 1 && !empty($row)) {
        /******************** Your code ***********************/
        //$_SESSION['sess_user_id']   = $row['uid'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['name'] = $row['name'];
      } else {
        $msg = "Invalid login credentials";
      }
    } catch (PDOException $e) {
      echo "Error : ".$e->getMessage();
    }
  } else {
    $msg = "Both fields are required!";
  }
}

What I have tried:

I did some research on the internet and tried modifying the script.
Updated 11-Jan-23 18:24pm

This is going on three years-- however, for anyone stumbling in here later:

Make your SQL statement a string... which you can put variable values into.

Then parameterize your query with bind for the values you want to work with.

$thingSql = sprintf("INSERT INTO things(

$thingQueryObject = $this->dbConnection->prepare($thingSql);
$thingQueryObject->bindParam(':id', $this->thingId, PDO::PARAM_INT);
Graeme_Grant 12-Jan-23 0:46am    
The question was already answered with a valid solution. Please keep to current questions where help is needed.

Your answer is not secure and open to SQL injection attacks. Highly not recommended.

Also, when posting solutions, please adhere to the guidelines and correctly format your code.
Well this looks like it could be your problem
$query = " SELECT password FROM users WHERE username=?";
Your Query has one parameter in it for username, but you are adding two parameters to the command.
$stmt->bindParam('username', $username, PDO::PARAM_STR);
$stmt->bindValue('password', $password, PDO::PARAM_STR);
Also... I surely hope you aren't saving passwords as plain text.
Maciej Los 6-Apr-20 11:47am    
gavin_daCEO 7-Apr-20 9:09am    
Thank you, I am trying to work out how I can build the query so it can work. No, I do not store the passwords in plain text.
MadMyche 7-Apr-20 9:18am    
You're welcome.
I figured I would check as many people do store them plain
gavin_daCEO 7-Apr-20 9:48am    
Thank you so much. Once I have built a working query and it works, I will let you know. Thanks again.
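
One way to apply the point made in the answer above (one placeholder, one bound value) together with a hashed-password check, as an added example that is not part of the original thread. The in-memory SQLite database, the `verifyLogin` function name and the sample account are assumptions made so the snippet runs on its own; it needs the pdo_sqlite extension.

```php
<?php
// Constructed test fixture: in-memory database and one sample account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, name TEXT, password TEXT)');
$seed = $db->prepare('INSERT INTO users (username, name, password) VALUES (?, ?, ?)');
$seed->execute(['alice', 'Alice Example', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the user's row (without the hash) on success,
 * or null when the user is unknown or the password does not match.
 */
function verifyLogin(PDO $db, string $username, string $password): ?array
{
    if ($username === '' || $password === '') {
        return null;
    }

    // The SQL has exactly one "?" placeholder, so exactly one value is bound.
    $stmt = $db->prepare('SELECT username, name, password FROM users WHERE username = ?');
    $stmt->bindValue(1, $username, PDO::PARAM_STR); // positional placeholders use a 1-based index
    $stmt->execute();                               // no result exists until execute() is called

    // fetch() returns false when no row matches; rowCount() is not relied on
    // because PDO does not guarantee it for SELECT statements.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The submitted password is never part of the query; it is compared
    // against the stored hash with password_verify().
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }

    unset($row['password']); // do not carry the hash into the session
    return $row;
}

// Constructed inputs: a valid login, a wrong password, and a username
// containing quote characters, which is treated as plain data by the bind.
var_dump(verifyLogin($db, 'alice', 'correct horse'));
var_dump(verifyLogin($db, 'alice', 'wrong password'));
var_dump(verifyLogin($db, "' OR '1'='1", 'anything'));
```
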

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
