
After looking at other people’s code, I’ve successfully made a working login system for my software. I’m not very fluent in PHP or PDO, so I would really appreciate some help with the following issue.

This is the whole code:

if ( isset($_GET['username'], $_GET['password'], $_GET['hwid']) ) {

    //We use prepared statements, why? Because it's much more safe.
    $userStatement = $connect->prepare('SELECT * FROM ROE WHERE username = :u AND password = :p');
    //We bind each param, no need to use htmlspecialchars or real_escape_string since PDO will do this for us
    $userStatement->bindParam(':u', $_GET['username'], PDO::PARAM_STR);
    $userStatement->bindParam(':p', $_GET['password'], PDO::PARAM_STR);
    //We only continue when the statement is successfully executed.
    if ( $userStatement->execute() ) {
        echo $userStatement->fetchColumn(0) > 0 ? '5352978916' : '0017577757';
    }

    //We use prepared statements, why? Because it's much more safe.
    $userStatement1 = $connect->prepare('SELECT * FROM ROE WHERE hwid = :h');
    //We bind each param, no need to use htmlspecialchars or real_escape_string since PDO will do this for us
    $userStatement1->bindParam(':h', $_GET['hwid'], PDO::PARAM_STR);
    //We only continue when the statement is successfully executed.
    if ( $userStatement1->execute() ) {
        echo $userStatement1->fetchColumn(0) > 0 ? '<br /><br />4201426523' : '<br /><br />8940042580' . $userStatement = $connect->prepare("UPDATE ROE SET status='2' WHERE username=':u'");
    }

}

This line of code is what tells me if the user has logged in correctly:

        echo $userStatement1->fetchColumn(0) > 0 ? '<br /><br />4201426523' : '<br /><br />8940042580' . $userStatement = $connect->prepare("UPDATE ROE SET status='2' WHERE username=':u'");

When the website displays 4201426523 the field is correct, and when the website displays 8940042580 it is incorrect. Now I’ve tried adding a banning function: when the website displays 8940042580, it should change the user’s ‘status’ in my phpMyAdmin database to 2. However, it’s not working.

Could someone please help me?

Thanks in advance!


Answers


  1. Actually, you are only preparing the query in the last if statement:

    $userStatement = $connect->prepare("UPDATE ROE SET status='2' WHERE username=':u'"); 
    

    without executing it with

    $userStatement->execute();
    
  2. This statement doesn’t make any sense:

    echo $userStatement1->fetchColumn(0) > 0 ? 
        '<br /><br />4201426523' : 
        '<br /><br />8940042580' . $userStatement = $connect->prepare("UPDATE ROE SET status='2' WHERE username=:u");
    

    When the result of fetchColumn(0) is 0, you are attempting to output the string '<br /><br />8940042580' concatenated to the result object from a prepare statement, which should be giving you an “object could not be converted to string” error.

    I think what you wanted to write is:

    if ($userStatement1->fetchColumn(0) > 0) {
        echo '<br /><br />4201426523';
    }
    else {
        echo '<br /><br />8940042580';
        $userStatement = $connect->prepare("UPDATE ROE SET status='2' WHERE username=:u");
        $userStatement->bindParam(':u', $_GET['username'], PDO::PARAM_STR);
        $userStatement->execute();
    }
    
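Putting both answers together, here is the whole login/HWID flow as an added example (not the asker’s code or either answerer’s): the ban UPDATE is actually executed, its placeholder is unquoted, and the update is gated on a valid login so a stranger cannot flag an arbitrary username. It assumes `$connect` is a PDO handle in exception error mode and that the `password` column holds a `password_hash()` hash rather than the plaintext the original compares in SQL.

```php
<?php
// Added example, not the asker's code. Assumes $connect is a PDO handle opened with
// PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, and that ROE.password stores a
// password_hash() hash instead of the plaintext the original compares inside SQL.

// Returns the response codes used in the question: '5352978916' / '0017577757' for the
// credential check and '4201426523' / '8940042580' for the HWID check. An unknown HWID
// on a valid login sets status = 2 on the account.
function checkLogin(PDO $connect, string $username, string $password, string $hwid): array
{
    // Look the user up by username only and verify the password in PHP, not in the WHERE clause.
    $stmt = $connect->prepare('SELECT password FROM ROE WHERE username = :u');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->execute();
    $hash = $stmt->fetchColumn(0);            // false when no such user

    $credentialsOk = $hash !== false && password_verify($password, (string) $hash);
    $loginCode = $credentialsOk ? '5352978916' : '0017577757';

    // COUNT(*) yields a real count; fetchColumn(0) on SELECT * only returns the first column.
    $stmt = $connect->prepare('SELECT COUNT(*) FROM ROE WHERE hwid = :h');
    $stmt->bindValue(':h', $hwid, PDO::PARAM_STR);
    $stmt->execute();
    $hwidKnown = (int) $stmt->fetchColumn(0) > 0;

    if ($hwidKnown) {
        $hwidCode = '4201426523';
    } else {
        $hwidCode = '8940042580';
        // Only flag the account when the credentials were valid; otherwise anyone could
        // set status = 2 on an arbitrary username just by sending a bogus HWID.
        if ($credentialsOk) {
            // The placeholder must not be quoted (':u' is a literal string, :u a parameter),
            // and prepare() alone does nothing: execute() is what runs the UPDATE.
            $ban = $connect->prepare("UPDATE ROE SET status = '2' WHERE username = :u");
            $ban->bindValue(':u', $username, PDO::PARAM_STR);
            $ban->execute();
        }
    }

    return ['login' => $loginCode, 'hwid' => $hwidCode];
}

// Credentials belong in a POST body, not the query string: GET parameters end up in logs.
if (isset($_POST['username'], $_POST['password'], $_POST['hwid'])) {
    $result = checkLogin($connect, $_POST['username'], $_POST['password'], $_POST['hwid']);
    echo $result['login'], '<br /><br />', $result['hwid'];
}
```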