
The validation seems to fail for some reason. By the validation, I mean the "if ($result)" part. How can I correctly validate an SQL query?

$dbconn = pg_connect("host=localhost port=5432 dbname=heoa user=heoa password=123");
$email  = $_POST['login']['email'];

// $1 is a PostgreSQL bind placeholder, not a PHP variable; the SQL is
// single-quoted so PHP leaves it alone, and the value is sent separately.
$result = pg_query_params( $dbconn,
                'SELECT user_id
                FROM users
                WHERE email = $1',
                array( $email )
                );
$user_id = null; // stays null when no row matches
if ($result)
{
        while ( $row = pg_fetch_array( $result ) )
        {
                $user_id = $row['user_id'];
        }
        return $user_id;
}

2 Answers


I suspect that the return value is integer zero, which is also interpreted as false in the if statement. By doing "if ($result !== FALSE)" (note that it should be !== and not !=) you'll verify that the result really is different from FALSE and not just false...


1 Comment

This can't be correct because per documentation, pg_query_params returns "a query result resource on success or FALSE on failure". This code is correct except that it should call pg_last_error() to know why the db failed on that query.

Should you add apostrophes around $1 in your SQL query, as in:

SELECT user_id
FROM users
WHERE email = '$1'

I'm not sure how PHP expands the $1 variable.

2 Comments

(a) PHP doesn't expand variables in single-quoted strings. (b) Using the $1 parameters is correct usage in the pg API. (c) Don't put query parameters in quotes, because they'll be interpreted as literal strings in the SQL expression, instead of parameters.
Thanks, I wasn't sure. I haven't coded PHP pages in at least five years, so the rust is pretty thick, if you get my gist.
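The following is an added example, not code from the question or either answer. It puts the two points of this thread together: the result of pg_query_params is checked strictly against FALSE and pg_last_error() is consulted when it fails (the first answer's comment), an empty result set is treated as "no match" rather than a failure, and the quoted '$1' form from the second answer is run through the same check to show why it must not be used. It assumes the question's connection string and a users(user_id, email) table; the function names connect_or_fail, find_user_id and quoted_placeholder_pitfall are made up for the example, and it needs PHP 7.1 or later for the nullable return type.

```php
<?php
// Added example (not from the question or answers). Assumes the same
// connection string and users(user_id, email) table as the question.

function connect_or_fail()
{
    $dbconn = pg_connect('host=localhost port=5432 dbname=heoa user=heoa password=123');
    if ($dbconn === false) {
        // pg_connect emits a warning and returns FALSE; there is no connection to ask for an error
        throw new RuntimeException('could not connect to PostgreSQL');
    }
    return $dbconn;
}

/**
 * Look up a user_id by e-mail with a bound parameter.
 * Returns the id, null when no row matches, and throws when the query itself fails.
 */
function find_user_id($dbconn, string $email): ?int
{
    // $1 is a PostgreSQL bind placeholder; the SQL is single-quoted so PHP does not touch it.
    // The value travels separately from the statement text, so it cannot alter the query.
    $result = pg_query_params(
        $dbconn,
        'SELECT user_id FROM users WHERE email = $1',
        [$email]
    );

    // Strict comparison: the only failure value is FALSE. A successful call returns
    // a result resource (a PgSql\Result object on PHP 8.1+), never integer 0.
    if ($result === false) {
        throw new RuntimeException('query failed: ' . pg_last_error($dbconn));
    }

    // "The query ran" and "a row matched" are different questions; answer both.
    if (pg_num_rows($result) === 0) {
        pg_free_result($result);
        return null;
    }

    $row = pg_fetch_assoc($result);
    pg_free_result($result);
    return (int) $row['user_id'];
}

/**
 * The quoted form suggested in the second answer. '$1' is a string literal in SQL,
 * so the statement has zero placeholders while one value is still bound.
 * PostgreSQL rejects the bind, pg_query_params returns FALSE, and the strict
 * check is what surfaces the reason instead of silently returning nothing.
 */
function quoted_placeholder_pitfall($dbconn, string $email): string
{
    // "\$1" keeps the dollar sign literal inside a double-quoted PHP string
    $result = @pg_query_params($dbconn, "SELECT user_id FROM users WHERE email = '\$1'", [$email]);
    if ($result === false) {
        return 'rejected: ' . pg_last_error($dbconn);
    }
    pg_free_result($result);
    return 'unexpectedly accepted';
}

$dbconn = connect_or_fail();
$email  = isset($_POST['login']['email']) ? (string) $_POST['login']['email'] : '';

try {
    $id = find_user_id($dbconn, $email);
    echo $id === null ? "no user for $email\n" : "user_id = $id\n";
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
echo quoted_placeholder_pitfall($dbconn, $email), "\n";
```

The `@` in quoted_placeholder_pitfall only silences the PHP warning so the message is read from pg_last_error() instead; in production code, log that message server-side rather than echoing it to the client, since it can reveal table and column names.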
