-2
I’m trying to make a select using the prepare. However, it simply cannot do this select and returns me that the user or password is wrong. Code below:
<?php
session_start();
include("conexao.php");
$consulta = $conexao->prepare("SELECT * FROM login WHERE login = ? AND senha = ?");
$consulta->bind_param("ss", $login, $senha);
$login = mysqli_real_escape_string($conexao, $_POST['login']);
$senha = mysqli_real_escape_string($conexao, $_POST['senha']);
$consulta->execute();
$row = $consulta->num_rows;
if($row == 1):
$_SESSION['login'] = $login;
header("Location: ../../boa/index.php");
exit;
else:
$_SESSION['nao_logado'] = true;
header("Location: ../index.php");
exit;
endif;
The way I’m doing this wrong? Thank you.
You are using the variables
$loginand$senhabefore initializing them.– Andre
It does not proceed your information, since I am using "PREPARE". In this case, I am running, after the variables.
– Jose JR
In
bind_paramyou are using the variables$loginand$senha, that have not even been initialized yet. What does not proceed?– Andre
My God! My friend, if you don’t know about PREPARE, please don’t comment. Study a little https://www.php.net/manual/en/mysqli.prepare.php
– Jose JR
https://www.php.net/manual/en/mysqli-stmt.bind-param.php
– Jose JR
What is the need of
mysqli_real_escape_stringif you are already using a Prepared statement?– Luiz Felipe
I tried to use without it, but still incorrect password
– Jose JR
In var_dump it always shows the " public 'num_rows' => int 0"
– Jose JR
Try to get the result with get_result() to see why this is happening
– Cláudio Silva
Already solved friend, grateful.
– Jose JR