problem of data recovery

  • <?php
    header('Access-Control-Allow-Origin: *');
    $base = new mysqli('localhost', 'root', '', 'stockage');
    // Check connection
    if ($base->connect_errno) {
     die("Failed to connect to MySQL: " . $base->connect_error);
    }
    
    $sql = "SELECT id FROM user where username = ?";
    
    if (!$stmt = $base->prepare($sql))
    {
     echo "Prepare failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    if (!$stmt->bind_param("s", $_GET['name'])){
     echo "Bind failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    if (!$stmt->execute()){
     echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    if (!$result = $stmt->get_result()) {
     echo "Get result failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    if ($result->num_rows > 0) {
     $row = $result->fetch_object();
     echo $row->id;
    }
    else
    {
     echo 'No user found with that name';
    }
    ?>
    

    I do not know mysqli.

    I always went through PDO.

    the error now returns:

    No user found with that name.

    and yes, there are no passwords.

    I am local with wamp.

    my connection to the database in PDO works.

    she is correct.

    in this case I found it's result.

    on the internet for the function.

    I do not know how it works

    php.net/manual/fr/pdostatement.bindparam.php

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • the error now returns:

    No user found with that name.

    That's perfect!

    That means that the username you searched for wasn't in the database. That's good because it means there were no errors. You connected to the database, you performed a query but it returned 0 results.

    Now, all you have to do is add a user to the database and search for them.

    Binding params is relatively new to php. It's purpose is to prevent things like SQL injection when getting query strings like $_GET. Basically, the way it works is this.

    In your query you substitute the ? for the insecure variables you want to put in the query.

    You then prepare the query. Then you bind the variables to the query. In the bind_param the 's' simply tells the bind command that you're passing a string and it substitutes the first ? (which it now knows is a string) for the $_GET["name"]. If you have say 3 ?'s in your query:

    SELECT id from user where username = ? and birthday = ? and country = ?

    $stmt->bind_param("sss", $_GET["username"], $_GET["birthday"], $_GET["country"])

    Then, you execute the query and finally get the results.

    Very glad you got it working!

  • just the username I got from the input field.

    they exist in the database ..

  • What's the exact user name you're looking for?

  • nicolas

  • Ok, I was just curious as to whether there might be characters in there that might affect the sql. Seems not.

    Well, I'm out of ideas. All I can tell you now is that the code is working. It's either your SQL that's not right or your database isn't right.

  • ok thanks for the help.

    me my database works.

    if i create a form directly from my login.php page.

    it works to send and receive ...

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)