Fetch a field from a table with mysqli


I am trying to write a check in my code that compares the password entered with the one registered in the database.

I did it as follows:

function confirmaPedido($conexao, $numeroPedido, $senha) {
    // mysqli_query() returns a mysqli_result object, not the value of the column
    $querySenha = mysqli_query($conexao, "Select senha from adm where senha = $senha");
    if (!is_numeric($numeroPedido) || empty($numeroPedido)) {
        echo "Por favor insira um NUMERO no campo numero do pedido";
    }
    // compares a string with a mysqli_result object, so this branch is never taken
    elseif ($senha === $querySenha) {
        $queryApaga = mysqli_query($conexao, "delete from pedido where pedido = $numeroPedido");
        echo "Pedido finalizado com sucesso.";
    }
    else {
        echo "Senha ou Pedido não são validos, tente novamente!";
    }
}

If I use the operator to check whether $senhaPedido is exactly the same as $senha, the code jumps to the else. I received the reply below from another user but could not understand it very well:

mysqli_query returns a mysqli_result. You will need to use mysqli_fetch_* to pick up the row and then get the "password" field.

What does it mean that the query returns a result? What is the difference between the two? And how do I "select" the password field in the table and check whether it is identical?
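The distinction the reply is drawing, as an added example that is not code from the question or the answer: mysqli_query() hands back a result-set handle, and a separate fetch call is needed to turn one row of it into a PHP array you can read the column from. It assumes an open mysqli connection in $conexao and the adm(senha) table from the question; the password value is made up for the illustration, and the query keeps the question's string concatenation only so the fetch step is recognisable (the answer below explains why that concatenation is unsafe).

```php
<?php
// Added example, not from the question or answer. Assumes $conexao is an open mysqli
// connection and adm has a column "senha"; the value below is constructed for the demo.
$senha = 'segredo';

// 1. mysqli_query() returns a mysqli_result object (or false on error). It is a handle
//    to the result set, not the value of any column, so comparing it with a string
//    can never be true.
$resultado = mysqli_query($conexao, "SELECT senha FROM adm WHERE senha = '$senha'");
var_dump($resultado instanceof mysqli_result); // bool(true) when the query ran
var_dump($senha === $resultado);               // bool(false), always

// 2. A fetch call pulls one row out of the result set. mysqli_fetch_assoc() returns an
//    array keyed by column name, or null when there are no (more) rows.
$linha = mysqli_fetch_assoc($resultado);

// 3. Only now is there a column value to compare with the input.
if ($linha === null) {
    echo "no row: that password is not in the table\n";
} elseif ($linha['senha'] === $senha) {
    echo "password matches\n";
}

// The same step in the object-oriented style of the extension:
//   $linha = $resultado->fetch_assoc();   // same array, same null when the set is empty
mysqli_free_result($resultado);
```

The null return on an empty result set is the case the original code silently fell into: the WHERE matched nothing, but because the result object itself was being compared, the code could not tell "no match" from "match".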

1 answer


Just fixing what you asked for, it would be something like this:

function confirmaPedido ( $conexao, $numeroPedido, $senha ) {
   // $senha is still concatenated into the SQL on purpose here; only the
   // comparison is being fixed, the binding point is covered in the list below
   $resultado = mysqli_query( $conexao,
      "SELECT senha FROM adm WHERE senha = '$senha' "
   );

   if (!is_numeric($numeroPedido) || empty($numeroPedido)) {
      echo "Por favor insira um NUMERO no campo numero do pedido";
   }
   // $resultado is a mysqli_result; fetch_row() returns the first row as an
   // array, or null when the WHERE matched nothing (false if the query failed)
   elseif( $resultado && $resultado->fetch_row() ) {
      $queryApaga = mysqli_query($conexao, "delete from pedido where pedido = $numeroPedido");
      echo "Pedido finalizado com sucesso.";
   }
   else {
      echo "Senha ou Pedido não são validos, tente novamente!";
   }
}

The $resultado->fetch_row() call serves to pick up the output of the query. In this case I am not using the row itself, because if the WHERE returned something, that already means the password matched.

Now, here is a list of things you can take into consideration to make the application more complete:

  • You are storing the passwords in the database. This is bad in terms of security; the ideal would be to store them irreversibly (using some kind of hash + salt, at least), and when checking the password provided by the user, repeat the process and see if the hashes match.

  • You are concatenating strings to build your SELECT. The ideal is to use binding to avoid SQL injection and also to organize your code. Here are more details

  • You query the DB first and test the order number afterwards. It is much better to test the order number first, because if it comes in empty you do not even need to run the query, which would be wasted in that situation.

  • Thanks for the help Bacco, could you tell me how it would work in procedural style? I'm still a beginner when it comes to databases with PHP; I'm right at the beginning and I'm trying to get by using "my logic", you know? I want to see if the way I think it works is right.

  • Procedural is mysqli_fetch_row(); what I used inside the elseif is $objeto->método(): I took $resultado, which is a "result" object, and on that object I called the fetch_row method.

  • Rafaelacioly, see this answer by @rray about procedural vs functional: http://answall.com/a/33625/70
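The three follow-up points in the answer (hash the stored password, bind parameters instead of concatenating, validate the order number before touching the database) applied together to the same function, as an added example that is not the answer's code. It assumes, and labels as assumptions, that adm.senha holds a password_hash() digest rather than the clear-text password, that adm has a single administrator row, that pedido.pedido is an integer column, and that $conexao is a mysqli object; mysqli_report() is set so that a failed query throws instead of returning false.

```php
<?php
// Added example, not code from the original answer. Assumptions (not stated on the page):
//   - adm.senha stores a password_hash() digest, written by armazenaSenhaAdm() below;
//   - adm holds one administrator row (with several, you would also bind a username);
//   - pedido.pedido is an INT column; $conexao is a mysqli object.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function confirmaPedido(mysqli $conexao, $numeroPedido, string $senha): string
{
    // 1. Validate the cheap, local input first: no database round trip if it is bad.
    //    FILTER_VALIDATE_INT rejects "", "12abc" and "1e3", which is_numeric() accepts.
    $pedido = filter_var($numeroPedido, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pedido === false) {
        return "Por favor insira um NUMERO no campo numero do pedido";
    }

    // 2. Read the stored hash with a prepared statement. Nothing user-controlled is
    //    concatenated into the SQL text, so there is nothing to inject into.
    $stmt = $conexao->prepare("SELECT senha FROM adm LIMIT 1");
    $stmt->execute();
    $stmt->bind_result($hashArmazenado);
    $encontrou = ($stmt->fetch() === true);
    $stmt->close();

    // 3. Compare against the hash, never against clear text. password_verify() re-runs
    //    the hash with the salt and cost embedded in the stored digest and compares in
    //    constant time; the clear-text password is never stored or selected.
    if (!$encontrou || !password_verify($senha, $hashArmazenado)) {
        return "Senha ou Pedido não são validos, tente novamente!";
    }

    // 4. Delete with a bound integer parameter and report whether a row actually went.
    $stmt = $conexao->prepare("DELETE FROM pedido WHERE pedido = ?");
    $stmt->bind_param("i", $pedido);
    $stmt->execute();
    $apagados = $stmt->affected_rows;
    $stmt->close();

    return $apagados > 0
        ? "Pedido finalizado com sucesso."
        : "Senha ou Pedido não são validos, tente novamente!";
}

// How the digest in adm.senha is produced in the first place: run once when the
// administrator password is set or changed (assumed helper, not on the original page).
function armazenaSenhaAdm(mysqli $conexao, string $senhaNova): void
{
    $hash = password_hash($senhaNova, PASSWORD_DEFAULT); // bcrypt, random salt per call
    $stmt = $conexao->prepare("UPDATE adm SET senha = ?");
    $stmt->bind_param("s", $hash);
    $stmt->execute();
    $stmt->close();
}
```

With the answer's concatenated query, a "password" of `' OR '1'='1` makes the WHERE match every row, so the fetch succeeds and the order is deleted without the real password; the bound parameter above is sent separately from the SQL text, so the same input is just a string that verifies against nothing. Checking affected_rows also distinguishes "deleted" from "no such order", which the original success message could not.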
