I have been trying this query for a long time, but it returns nothing, or let's say rowCount returns 0, and if I try to fetchAll and print it, it gives me an empty array.

```php
public function Login($email, $password)
{
    $stmt = $this->pdo->prepare("SELECT user_id from users where email = :email AND password  = :password");
    $stmt->bindParam(":email", $email,  PDO::PARAM_STR);
    $stmt->bindParam(":password", $password,  PDO::PARAM_STR);
    $stmt->execute();

    $user  = $stmt->fetch(PDO::FETCH_OBJ);
    $count = $stmt->rowCount();

    if($count >0){
        $_SESSION['user_id'] = $user->user_id;
        header('Location:home.php');
    }else{
        return false;
    }
}
```
Susheel Kumar
  • Did you try to display `$email` and `$password` in the function to be sure the values are correct? By the way, your logic is dangerous. First: never store a non-hashed password in the database, always hash it first (not encryption that can be decoded, a one-way hash). Then it's also better to retrieve the user from only its email in the query, then with the result you compare the result's password hash with the one provided (I won't go into details, trust me, it's better). – Kaddath Nov 23 '17 at 09:33
  • log the query and check error in query – User123456 Nov 23 '17 at 09:33
  • For the hash version I did this: `$stmt->bindParam(":password", md5($password), PDO::PARAM_STR);` – Susheel Kumar Nov 23 '17 at 09:36
  • 1
    **Never store md5 hashed passwords!** PHP provides [`password_hash()`](https://php.net/manual/en/function.password-hash.php) and [`password_verify()`](https://php.net/manual/en/function.password-verify.php); please use them. If you are using a PHP version prior to 5.5, [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat). Make sure you [**don't escape passwords**](https://stackoverflow.com/q/36628418/5914775) or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – Tom Udding Nov 23 '17 at 09:43
  • Could you please tell me why I am getting false? The query is fine, and the email and password are fine too. – Susheel Kumar Nov 23 '17 at 09:44
  • if there is no error AND no data then it means that there is no data to match your query – Your Common Sense Nov 23 '17 at 09:50
  • 1
    Just a quick comment (I didn't dig deep into the question) but I've seen endless questions here about counting the rows of a MySQL result-set that doesn't go as expected. I'm always surprised because I've never needed to do so in 15+ years of career, not a single time, let alone just to determine if there are results or not. I run the query and immediately ask for results. If I *do* get results, that's proof enough that there are results—I don't need to ask for a count. Cheers! – Álvaro González Nov 23 '17 at 09:50
  • 1
    @TomUdding I am getting the user id from the object: `$user = $stmt->fetch(PDO::FETCH_OBJ);` – Susheel Kumar Nov 23 '17 at 09:51
  • @SusheelKumar didn't see that, my bad. – Tom Udding Nov 23 '17 at 10:05

0 Answers
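
The approach recommended in the comments (look the user up by email only, compare with `password_verify()`, and test the fetched row instead of `rowCount()`), as an added example that is not code from the question or from any commenter. It assumes an in-memory SQLite database in place of the asker's database, and the `register()` helper, table definition and sample account are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed setup: in-memory SQLite so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface query errors
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');

// Registration side (hypothetical helper): store a one-way hash,
// never the password itself and never md5().
function register(PDO $pdo, string $email, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
    $stmt->execute([
        ':email' => $email,
        ':hash'  => password_hash($password, PASSWORD_DEFAULT), // raw password, no escaping
    ]);
}

// Login side: select by email only, then verify the hash in PHP.
// Returns the user_id on success, false otherwise.
function login(PDO $pdo, string $email, string $password)
{
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);

    // fetch() returns false when no row matched, so rowCount() is not needed.
    $user = $stmt->fetch(PDO::FETCH_OBJ);

    if ($user === false || !password_verify($password, $user->password)) {
        return false; // same return value for unknown email and wrong password
    }
    return (int) $user->user_id;
}

// Constructed sample account and three login attempts.
register($pdo, 'alice@example.com', 'correct horse battery staple');

var_dump(login($pdo, 'alice@example.com', 'correct horse battery staple'));
var_dump(login($pdo, 'alice@example.com', 'wrong password'));
var_dump(login($pdo, 'nobody@example.com', 'anything'));
```

The `password` column has to hold the full hash (the PHP manual recommends 255 characters), since a truncated hash never verifies. A caller that redirects on success, as the question's method does, should call `exit` after `header()` so the rest of the script does not run.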