0

So here is the deal. I wanted to create login screen for my web application but it seems that I stuck at accessing table (korisnici) in my database.

I keep getting this line of text when I try to login:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined'

Here is my code:

<?php
 session_start();

// sadrži podatke potrebne za spajanje na bazu
define('DB_HOST', 'localhost'); // naziv servera - najčešće nije potrebno mijenjati ako je server lokalni
define('DB_NAME', 'razvrstane_ceste'); // naziv baze
define('DB_USER', 'razvrstane'); // korisnik za spajanje
define('DB_PASS', 'razvrstane'); // lozinka baze


 //PDO Database Connection
 try {
 $databaseConnection = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8', DB_USER, DB_PASS );
 $databaseConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 } catch(PDOException $e) {
 echo 'ERROR: ' . $e->getMessage();
 }


//PDO Database Connection


 if(isset($_POST['submit'])){
 $errMsg = '';
 //ime and password sent from Form
 $ime = trim($_POST['ime']);
 $lozinka = trim($_POST['lozinka']);

 if($ime == '')
 $errMsg .= 'You must enter your Username<br>';

 if($lozinka == '')
 $errMsg .= 'You must enter your Password<br>';


 if($errMsg == ''){
 $records = $databaseConnection->prepare('SELECT id,ime,lozinka FROM  korisnici WHERE lozinka = :lozinka');
 $records->bindParam(':ime', $ime);
 $records->execute();
 $results = $records->fetch(PDO::FETCH_ASSOC);

 if(count($results) > 0 && password_verify($lozinka, $results['lozinka'])){
 $_SESSION['ime'] = $results['ime'];
 header('location:razvrstane_ceste.php');
 exit;
 }else{
 $errMsg .= 'Username and Password are not found<br>';
 }
 }
 }

?>


<html>
<head><title>Login Page PHP Script</title></head>
<body>
 <div align="center">
 <div style="width:300px; border: solid 1px #006D9C; " align="left">
 <?php
 if(isset($errMsg)){
 echo '<div style="color:#FF0000;text-align:center;font-size:12px;">'.$errMsg.'</div>';
 }
 ?>
 <div style="background-color:#006D9C; color:#FFFFFF; padding:3px;"><b>Login</b></div>
 <div style="margin:30px">
 <form action="" method="post">
 <label>Korisnik  :</label><input type="text" name="ime" class="box"/><br /><br />
 <label>Zaporka  :</label><input type="password" name="lozinka" class="box" /><br/><br />
 <input type="submit" name='submit' value="Submit" class='submit'/><br />
 </form>
 </div>
 </div>
 </div>
</body>
</html>
Improve this question
1
  • Your bind_param is wrong. Commented May 18, 2015 at 11:09

3 Answers 3

Reset to default
1

Change this line of code:

$records = $databaseConnection->prepare('SELECT id,ime,lozinka FROM  korisnici WHERE lozinka = :lozinka');
 $records->bindParam(':ime', $ime);

here you are in the WHERE condition the parameter name is :lozinka and in bindParam() method you have the parameter name as :ime, make the parameter names same at both placese

use the below code:

$records = $databaseConnection->prepare('SELECT id,ime,lozinka FROM  korisnici WHERE lozinka = :lozinka');
 $records->bindParam(':lozinka', $ime);

I hope this helps you.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Thx for the fast solution. Indeed it fixed previous PDO error (PDOException) so thank you all for fast and correct respond (+1). But now it raised new issue. Now it seems that I have issue with username and password. I get error message $errMsg .= 'Username and Password are not found<br>';
it returns variable $errMsg with value of Username and Password are not found
$errMsg is not your PDO error but your data missing in your database error message. I hope this helps you.
Hmmm, there seems to be problem with database for sure. Nevertheless, thank you all for quick response.
1

You have put in the incorrect name for the parameter when you are using :lozinka

$records->bindParam(':ime', $ime);

needs to be

$records->bindParam(':lozinka', $ime);

Or change the parameter in the prepare statement.

Improve this answer

Comments

1

This is because you provided wrong placeholder and binding value with other,

 if($errMsg == ''){
 $records = $databaseConnection->prepare('SELECT id,ime,lozinka FROM  korisnici WHERE lozinka = :lozinka');
 $records->bindParam(':ime', $ime);

it should be like:
 if($errMsg == ''){
 $records = $databaseConnection->prepare('SELECT id,ime,lozinka FROM  korisnici WHERE lozinka = :lozinka');
 $records->bindParam(':lozinka', $ime);

Bind lonzinka

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.