Returning a field from mysql using rowCount is not working

1
votes

I want the following code to return the userID from mysql tblUser of the user if the email and password matched. Currently it is not returning anything

<?php

     include 'config.inc.php';

     // Check whether username or password is set from android  
     if(isset($_POST['email']) && isset($_POST['password']))
     {
          // Innitialize Variable
          $result='';
          $email = $_POST['email'];
          $password = $_POST['password'];

          // Query database for row exist or not
          $sql = 'SELECT UserID FROM tblUser WHERE  email = :email AND password = :password';
          $stmt = $conn->prepare($sql);
          $stmt->bindParam(':email', $email, PDO::PARAM_STR);
          $stmt->bindParam(':password', $password, PDO::PARAM_STR);
          $stmt->execute();
          if($stmt->rowCount())
          {
             $result="true" . UserID;   
          }  
          elseif(!$stmt->rowCount())
          {
                $result="false";
          }

          // send result back to android
          echo $result;
    }

?>
1
phpmysqlpdorowcountbindparam
Never store passwords in clear text!. Only store password hashes! Use PHP's password_hash() and password_verify() . If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionallity. - M. Eriksson
You can't just write UserID in your code to get the result (that's, most likely, an undefined constant). You need to read the manual about how to get the result: php.net/manual/en/pdostatement.fetch.php - M. Eriksson
Or your initial conditions are not met or your script errors out. You need to display the errors or check your server log to see if there are any. - jeroen
Btw, you don't need to useelseif in that statement. You only need else since there can only be two states for that expression. - M. Eriksson

1 Answers

0
votes

For most databases, PDOStatement::rowCount() does not return the number of rows affected by a SELECT statement. Instead, use PDO::query() to issue a SELECT COUNT(*) statement with the same predicates as your intended SELECT statement, then use PDOStatement::fetchColumn() to retrieve the number of rows that will be returned. Your application can then perform the correct action.

instead, you could do 

      if($data = $stmt->fetch())
      {
         $result="true".$data['UserID'];
      }  
      else
      {
            $result="false";
      }