This is how I would normally check for empty results: mysql_fetch_assoc

However, I am using PDO for a client and in this login function, I want to return some text or a number or boolean to say a row was found or not.

public function Login ($email,$password)
{
  $sqlQuery="SELECT * FROM db_user WHERE email= '".$email."'  AND password='".$password." '";
  $statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO statement
  $statement -> execute();

  $dataSet= [];
  if(mysql_num_rows($statement) == 1){
    echo 'login true';
  } else {
    echo 'login false';
  }
  • so this works? or not ? Commented Sep 4, 2015 at 6:37
  • use $count = $statement->num_rows; instead of mysql_num_rows Commented Sep 4, 2015 at 6:37
  • Try using a COUNT(*) statement instead. You can't use both PDO and mysql at the same time. Well you could but it would be silly...and also not in the way you are trying. Commented Sep 4, 2015 at 6:42
  • mysql_num_rows isn't PDO. You can't mix APIs like that. It should be $statement->numRows(). Commented Sep 4, 2015 at 7:05

3 Answers

Both other answers are essentially unacceptable.
And not because they lack cleanness, but because they are awfully dangerous.

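public function Login ($email,$password)
{
  $sql="SELECT 1 FROM db_user WHERE email=?  AND password=?";
  $stmt = $this->_dbHandle->prepare($sql);
  // bind both values as parameters; execute() takes them as an array
  $stmt->execute([$email, $password]);
  // fetchColumn() returns the selected 1 if a row matched, or false if none did
  return $stmt->fetchColumn();
}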

You should be using prepared statements, not just mimicking them.


2 Comments

On line '$statement -> execute($email, $password);' the 'execute' method expects an array rather than a string. It should be like '$statement -> execute(array($email, $password));'
Not seen @Your Common Sense in a long time... though you were banned
  $sqlQuery="SELECT * FROM db_user WHERE email= '".$email."'  AND password='".$password." '";
  $statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO statement
  $statement -> execute();
  $rows = $statement ->fetch(PDO::FETCH_ASSOC);

  if( ! $rows)
  {
    die('Empty Records');
  }

1 Comment

This looks really clean.
  $sqlQuery = "SELECT * FROM db_user WHERE email= ? AND password= ?";
  $statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO statement

  // pass the values as bound parameters to prevent SQL injection
  $statement->execute(array($email, $password));

  // fetch() returns false when no row matched
  $result = $statement->fetch();
  if ($result) {
      echo "login true";
  } else {
      echo "login false";
  }

2 Comments

@YourCommonSense I never knew that. Editing my answer.
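
The prepared-statement check from the answers above, as an added example that is not part of any post on this page. It goes one step further than the thread by looking the row up by email only and verifying the password against a stored hash in PHP. The `UserModel` class, the `password_hash` column and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);
// Added example (needs PHP 8+ with pdo_sqlite). The password_hash column and the
// in-memory SQLite database are assumptions; db_user/email come from the question.

final class UserModel
{
    public function __construct(private PDO $db) {}

    // Returns true only if a row exists for $email and $password matches its hash.
    public function login(string $email, string $password): bool
    {
        // The placeholder sends $email as data; it never becomes part of the SQL text.
        $stmt = $this->db->prepare('SELECT password_hash FROM db_user WHERE email = ?');
        $stmt->execute([$email]);

        // fetchColumn() returns false when no row matched: the "empty result" check.
        $hash = $stmt->fetchColumn();
        if ($hash === false) {
            return false;
        }
        // Compare against the stored hash in PHP instead of in the WHERE clause.
        return password_verify($password, (string) $hash);
    }
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE db_user (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO db_user (email, password_hash) VALUES (?, ?)');
$insert->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

$users = new UserModel($db);
$cases = [
    'valid credentials'      => ['alice@example.com', 'correct horse'],
    'wrong password'         => ['alice@example.com', 'wrong'],
    'unknown email (no row)' => ['nobody@example.com', 'correct horse'],
    // Quote characters arrive as a bound value and are compared literally.
    'quotes in input'        => ["x' OR '1'='1", "x' OR '1'='1"],
];
foreach ($cases as $label => [$email, $password]) {
    $ok = $users->login($email, $password);
    printf("%-24s %s\n", $label, $ok ? 'login true' : 'login false');
}
```

Only the first case prints "login true"; the input containing quotes matches no email, so it is handled exactly like an unknown user.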
