Okay, did some searching on the web and I have no clue why this isn't working:
Code:
$statement=$db->prepare('SELECT * FROM accounts WHERE username=? AND password=?');
$statement->bind_param('ss', $username, $password);
$statement->execute();
$rowAID=0;
$rowUsername='';
$rowPassword='';
$rowEmail='';
$rowDateRegistered='';
$rowPrivilege=0;
$rowTokens=0;
$statement->bind_result($rowAID,$rowUsername,$rowPassword,$rowEmail,$rowDateRegistered,$rowPrivilege,$rowTokens);
if (!$statement->fetch())
{
    echo "What the fuck!?";
}
else
{
    while($statement->fetch())
    {
        printf("%s %s\n", $rowUsername, $rowAID);
    }
}
So if we start with the SELECT statement, what I'm trying to do here is select all of the rows with all of the columns of the username & password that match the login page parameters you type in. That is where the $username and $password come from when I bind them. Then I want to execute the statement so that it can give me the match. Here is the kicker: for some strange reason, when I do the fetch(), it seems to fail and give me the "What the fuck!?".
What is the proper way of doing this stuff? I thought this MySQLi stuff would be a breeze, but this is proving more challenging than I expected.
Edit: The reason I am confused is that this code works as expected:
Code:
<?php
/* Grindfest Code
Created: May 13, 2014
By: Sharlenwar aka Martin Holubec */
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body id="main_html">
<section>
<?php
include_once 'connect.php';
$username=$_POST['username'];
$password=$_POST['password'];
$password2=$_POST['password2'];
$username=strip_tags($username);
$email=$_POST['email'];
$email=strip_tags($email);
if ($email == "")
{
    echo "You didn't enter a email address!<br>";
    echo "<a href='register.php'>Go Back</a>";
    exit;
}
if ($password==$password2)
{
    $statement=$db->prepare('SELECT * FROM accounts WHERE username=?');
    $statement->bind_param("s", $username);
    $rowAID=0;
    $rowUsername='';
    $rowPassword='';
    $rowEmail='';
    $rowDateRegistered='';
    $rowPrivilege=0;
    $rowTokens=0;
    $statement->bind_result($rowAID,$rowUsername,$rowPassword,$rowEmail,$rowDateRegistered,$rowPrivilege,$rowTokens);
    $statement->execute();
    if (!$_POST['password'] || !$_POST['password2'])
    {
        print "You did not enter a password!<br>";
        echo "<a href='register.php'>Go Back</a>";
        exit;
    }
    else if ($statement->fetch() || strlen($username) > 30 || strlen($username) < 1)
    {
        print "There is already a user of that name, or the name you have specified is over 30 letters or less than 1 letter.<br>";
        echo "<a href='register.php'>Go Back</a>";
        exit;
    }
    else
    {
        $statement2=$db->prepare('SELECT * FROM accounts WHERE email=?');
        $statement2->bind_param('s', $email);
        $rowAID2=0;
        $rowUsername2='';
        $rowPassword2='';
        $rowEmail2='';
        $rowDateRegistered2='';
        $rowPrivilege2=0;
        $rowTokens2=0;
        $statement2->bind_result($rowAID2,$rowUsername2,$rowPassword2,$rowEmail2,$rowDateRegistered2,$rowPrivilege2,$rowTokens2);
        $statement2->execute();
        if ($statement2->fetch())
        {
            print "There is already a player with that email address!<br>";
            echo "<a href='register.php'>Go Back</a>";
            exit;
        }
        else
        {
            $password=md5($password);
            $statement3=$db->prepare('INSERT INTO accounts(username,password,email) VALUES(?,?,?)');
            $statement3->bind_param('sss', $username, $password, $email);
            $statement3->execute();
            print "Thank you for registering!<br>";
        }
    }
}
else
{
    print "Your password didn't match or you did not enter a password!<br>";
    echo "<a href='register.php'>Go Back</a>";
    exit;
}
echo "<a href='login.php'>Login Page</a>";
?>
</section>
</body>
</html>
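
An added example, not part of the original post: a login lookup that calls fetch() exactly once (in the first snippet fetch() runs in the if and again in the while, so the loop never sees the first row) and checks the password in PHP instead of in the WHERE clause. It assumes $db is the mysqli connection from connect.php and that the password column holds password_hash() output rather than the md5() value the registration code stores; find_account is a hypothetical helper name.

```php
<?php
include_once 'connect.php'; // from the original post; assumed to provide $db (mysqli)

// Hypothetical helper: returns the account row on success, null on any login failure.
function find_account(mysqli $db, string $username, string $password): ?array
{
    // Look the row up by username only; the raw password never goes into SQL.
    // Only columns named in the post's INSERT are selected, so bind_result()
    // gets exactly one variable per column.
    $stmt = $db->prepare('SELECT username, password, email FROM accounts WHERE username=?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $stmt->bind_result($rowUsername, $rowHash, $rowEmail);

    // fetch() returns true (row), null (no more rows) or false (error).
    // Call it once and keep the result; every call advances the cursor.
    $found = $stmt->fetch();
    $error = $stmt->error;
    $stmt->close();
    if ($found === false) {
        throw new RuntimeException('fetch failed: ' . $error);
    }

    // Verify against a throwaway hash when the user does not exist, so the
    // response time does not reveal which usernames are registered.
    static $dummy = null;
    $dummy ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);
    $hash = $found ? $rowHash : $dummy;

    $ok = password_verify($password, $hash) && $found === true;
    return $ok ? ['username' => $rowUsername, 'email' => $rowEmail] : null;
}

$account = find_account($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
if ($account === null) {
    echo 'Login failed.'; // same message for unknown user and wrong password
} else {
    echo 'Welcome, ' . htmlspecialchars($account['username']);
}
```

For this to work, registration would store password_hash($password, PASSWORD_DEFAULT) in place of md5($password), and the password column needs room for the longer hash string.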