2

I have the below PHP code for returning the user details from the table 

<?php

$con=mysqli_connect("localhost","root","");
if(!$con)
    {
        die('Could not connect'.mysqli_error());
    }
mysqli_select_db($con,"mysql");
$username=$_POST["username"];
$password=$_POST["password"];
$statement=mysqli_prepare($con,"Select * from bbau_login where username= ? and password= ? ");
mysqli_stmt_bind_param($statement,"ss",$username,$pasword);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement,$id,$name,$username,$password);

$user=array();

while(mysqli_stmt_fetch($statement))
    {
        $user['name']=$name;
        $user['username']=$username;
        $user['password']=$password;
    }
echo json_encode($user);
mysqli_stmt_close($statement);
mysqli_close($con);

?>

But it is returning null result when I am hitting this code from the application. If I run the sql with hard coded value

Select * from bbau_login where username= 'aqsdfg' and password= 'adjbf'

then I am getting the desired result but not with the sql specified in the php script

Also I checked I am getting the proper values in $username and $password. I think i need to pass the $username and $password in quotes. Please can someone help in writing correct query with quotes.

Improve this question
1
  • You are calling the prepared statement function so it cannot retrieve your data's Commented Sep 9, 2015 at 8:05

2 Answers 2

Reset to default
4

Well, I would think that a consistent spelling of pasword/password would help immensely:

#  vv
$password=$_POST["password"];
:
mysqli_stmt_bind_param($statement,"ss",$username,$pasword);
#                                                   ^

You may well, as you state, be "getting the proper values in $username and $password", but that's not going to help if you don't actually use what's in $password :-)

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

And test your $_POST variables too =)
@Fky, yes, there's all sorts of other good advice such as what you've stated, and explicitly asking for the columns in order (no * allowed) so that the result binding doesn't screw up should column order change, and doing the associative arrays correctly so that later rows don't overwrite earlier ones. But, really, the question is about why no rows are being returned, all that other stuff is superfluous in the context of the question :-)
Yes but an advice who can helps to improve code quality is good to learn ;)
0

You have written incorrect spelling of password while passing it

change

 mysqli_stmt_bind_param($statement,"ss",$username,$pasword);

to 

mysqli_stmt_bind_param($statement,"ss",$username,$password);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.