Another newbie here.. I'm trying to fix the code below to prevent SQL injection and learn the new way of writing PHP and SQL.
Your kind advice would be greatly appreciated.
You can't mix mysql with mysqli or PDO. You need to look at your error logs because this should not be possible - you should be seeing tons of fatal errors.
// Assumes $this->db holds a PDO connection created in the constructor;
// the original snippet referenced an undefined local $db.
public function getUser($uid, $password) {
    // Placeholders (?) keep $uid and $password out of the SQL text entirely.
    $stmt = $this->db->prepare("SELECT * FROM users WHERE id=? AND pswd=?");
    $stmt->execute(array($uid, $password));
    // Returns the matching row, or false when no user matched.
    return $stmt->fetch();
}
Here is some example code on how to use PDO and prepared statements:
$dbh = new PDO('mysql:host=hostname_or_ip;dbname=name_of_database', 'username', 'password');
// $id and $password are the values submitted by the login form (e.g. from $_POST).
$stmt = $dbh->prepare("SELECT * FROM users WHERE id = :id AND pswd = :password");
// Named placeholders are bound by name; the values are never interpolated into the query.
$stmt->bindValue(':id', $id);
$stmt->bindValue(':password', $password);
if ($stmt->execute()) {
    if ($user = $stmt->fetchObject()) {
        // here you go: $user holds the matching row as an object
    }
}
There are quite a few problems with what you are doing including what Xeoncross has said.
I would advise taking a look at this tutorial to give you a better grasp of PDO. He walks you through things very clearly.
Try rewriting after looking at this tut, then if you are still having problems come back.
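To make the difference between the two approaches concrete, here is an added example that is not from any of the posts above: the same user lookup written with string concatenation (injectable) and then with a PDO prepared statement as in the replies, run against a constructed in-memory SQLite table so it works offline. The table layout, the sample row and the payload are assumptions for illustration.

```php
<?php
// Added example, not code from the original thread.
// Demonstrates why the prepared-statement versions posted above stop SQL
// injection, using an in-memory SQLite database with one constructed row.
// The table/column names and sample data are assumptions.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
// Throw on every SQL error instead of returning false silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Ask the driver for real server-side prepares where it supports them, so
// bound values never travel inside the SQL text.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample data.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pswd TEXT)');
$db->exec("INSERT INTO users (id, name, pswd) VALUES (1, 'alice', 'correct-horse')");

// Vulnerable: $uid and $password are pasted straight into the SQL string,
// so a quote in either value rewrites the WHERE clause.
function getUserUnsafe(PDO $db, string $uid, string $password): ?array
{
    $sql = "SELECT * FROM users WHERE id='$uid' AND pswd='$password'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Safe: the query shape is fixed at prepare() time; the values are bound
// separately and can only ever be compared as data, never parsed as SQL.
function getUserSafe(PDO $db, string $uid, string $password): ?array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE id = :id AND pswd = :pswd');
    $stmt->execute([':id' => $uid, ':pswd' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Classic bypass payload: closes the quoted string and short-circuits the
// password check with an always-true condition.
$payload = "' OR '1'='1";

$unsafeBypassed = getUserUnsafe($db, '1', $payload) !== null;
$safeBypassed   = getUserSafe($db, '1', $payload) !== null;
$safeGenuine    = getUserSafe($db, '1', 'correct-horse') !== null;

echo 'concatenated query returns a user for the payload: ' . ($unsafeBypassed ? 'yes' : 'no') . PHP_EOL;
echo 'prepared statement returns a user for the payload:  ' . ($safeBypassed ? 'yes' : 'no') . PHP_EOL;
echo 'prepared statement accepts the real password:       ' . ($safeGenuine ? 'yes' : 'no') . PHP_EOL;
```

Run it with `php example.php` (the pdo_sqlite extension is bundled with most PHP builds). The concatenated version hands back the user row for the payload because the final SQL reads `... AND pswd='' OR '1'='1'`, while the prepared statement treats the whole payload as a literal password and finds no match, yet still matches the genuine password. Two caveats beyond the injection fix: set `PDO::ERRMODE_EXCEPTION` as above so a failed query cannot go unnoticed, and note that comparing `pswd` inside the query implies plaintext storage; in real code store a `password_hash()` result and check it with `password_verify()` after fetching the row by id.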