PDO - bindParam not working


Solution 1

As @YourCommonSense already mentioned, the raw PDO interface is a little bit clearer; however, the problem is probably due to the use of the function PDOStatement::bindParam() instead of PDOStatement::bindValue().

The difference between those two is that the first one takes a variable reference, which is constantly overwritten in your foreach loop, while the last one takes the actual value of the variable.


If you're looking for a more friendly database connection interface, why don't you try Doctrine DBAL?
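
The by-reference behaviour described in this answer, as an added example that is not part of the original post. It mirrors the shape of the question's bind() loop against a constructed in-memory SQLite table; it assumes the pdo_sqlite extension, and the table contents and the helper names bindByReference, bindByValue and lookup are made up for illustration.

```php
<?php
// Constructed sample data: one user row in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (email TEXT, password TEXT)');
$pdo->exec("INSERT INTO users VALUES ('a@example.test', 'hash-of-secret')");

$sql    = 'SELECT * FROM users WHERE email = :email AND password = :password LIMIT 1';
$params = [[':email', 'a@example.test'], [':password', 'hash-of-secret']];

// Same shape as the question's bind(): one local variable reused per iteration.
function bindByReference(PDOStatement $stmt, array $params): void
{
    foreach ($params as $p) {
        $variable = $p[1];
        // bindParam() keeps a reference to $variable. The assignment in the
        // next iteration writes through that reference, so at execute() time
        // every placeholder bound here holds the last value assigned.
        $stmt->bindParam($p[0], $variable, $p[2] ?? PDO::PARAM_STR);
    }
}

function bindByValue(PDOStatement $stmt, array $params): void
{
    foreach ($params as $p) {
        // bindValue() copies the value at call time, so later changes to
        // any variable cannot affect what is sent to the database.
        $stmt->bindValue($p[0], $p[1], $p[2] ?? PDO::PARAM_STR);
    }
}

// Prepare, bind with the chosen strategy, execute, and return the first row
// (or false when nothing matches).
function lookup(PDO $pdo, string $sql, array $params, callable $binder)
{
    $stmt = $pdo->prepare($sql);
    $binder($stmt, $params);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

var_dump(lookup($pdo, $sql, $params, 'bindByReference'));
var_dump(lookup($pdo, $sql, $params, 'bindByValue'));
```

The by-reference lookup matches no row and raises no error, even with exceptions enabled, which is the silent failure reported in the question; the by-value lookup returns the user.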

Solution 2

Just get rid of this function; PDO already has it.

    $email = $_POST['email'];
    $password = $_POST['password'];

    $password = hash('sha256', $password);

    $this->db->prepare('SELECT * FROM `users` WHERE `email` = :email AND `password` = :password LIMIT 1');
    $stmt = $this->db->execute(array(':email'=> $email,':password' => $password));
    $this->template->user = $this->db->fetch();

That's all the code you need (assuming your class's execute is a regular PDO execute).

Or, to make it in raw PDO:

    $email = $_POST['email'];
    $password = $_POST['password'];
    $password = hash('sha256', $password);

    $sql  = 'SELECT * FROM users WHERE email = ? AND password = ? LIMIT 1';
    $stmt = $this->db->prepare($sql);
    $stmt->execute(array($email, $password));
    $this->template->user = $stmt->fetch();

So, it seems your class requires more code than raw PDO. Are you really sure you need this class at all?


Author: yoda, Freelance Web Developer

Updated on September 15, 2022

Comments

  • yoda
    yoda over 1 year

    I'm creating a PDO class to use on my projects, but since I'm new to it I'm not able to bind parameters to a prepared SQL statement, with no error whatsoever. Here's the function that is meant to do it:

    # ::bindParam
    public static function bind()
    {
        # get function arguments
        $args = func_get_args();
    
        # check for any arguments passed
        if (count($args) < 1)
        {
            return false;
        }
    
        foreach ($args as $params)
        {
            # named variables for convenience
            $parameter = $params[0];
            $variable = $params[1];
            $data_type = isset($params[2]) ? $params[2] : PDO::PARAM_STR;
            $length = isset($params[3]) ? $params[3] : null;
    
            # bind param to query
            Database::$statement->bindParam($parameter, $variable, $data_type, $length) or die('error');
        }
    }
    

    and a prepared sql statement :

    SELECT * FROM `users` WHERE `email` = :email AND `password` = :password LIMIT 1
    

    Can someone point me in the right direction? The query produces no errors at this point. Note that I am assuming the problem is here, although it might not be, since I'm only using bindParam() and prepare().

    edit - trigger code

        $email = $_POST['email'];
        $password = $_POST['password'];
    
        $password = hash('sha256', $password);
    
        $this->db->prepare('SELECT * FROM `users` WHERE `email` = :email AND `password` = :password LIMIT 1');
        $this->db->bind(
            array(':email', $email),
            array(':password', $password)
        );
        $status = $this->db->execute();
    
        if ($status)
        {
            $result = $this->db->fetch('assoc');
    
            $this->template->user = $result;
        }
        else
        {
            $this->template->user = false;
        }
    
    • hakre
      hakre
      Also: You need to provide the error message. Or did I just read over it w/o noticing?
  • yoda
    yoda about 11 years
    What if I need the other optional params on bindParam()?
  • tadman
    tadman about 11 years
    Why did you remove the named parameters? They make the bindings almost impossible to screw up.
  • yoda
    yoda about 11 years
    Thanks, PDO was not giving me any hint on that. I need to build my own mask to use PDO in order to extend for models in a MVC architecture.
  • tadman
    tadman about 11 years
    +1 for recommending a framework rather than the "rub sticks together to make fire" PDO solution.
  • Your Common Sense
    Your Common Sense about 11 years
    @yoda got an example? The only issue known to me is LIMIT clause which can be easily solved.