Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function login($email, $password, $mysqli) {
- // Using prepared statements means that SQL injection is not possible.
- if ($stmt = $mysqli->prepare("SELECT id, username, password
- FROM members
- WHERE email = ?
- LIMIT 1")) {
- $stmt->bind_param('s', $email); // Bind "$email" to parameter.
- $stmt->execute(); // Execute the prepared query.
- $stmt->store_result();
- // get variables from result.
- $stmt->bind_result($user_id, $username, $db_password);
- $stmt->fetch();
- $stmt->bind_param('s', $email); // Bind "$email" to parameter.
- $stmt->execute(); // Execute the prepared query.
- $stmt->store_result();
- function login($email, $password, $query) {
- // Using prepared statements means that SQL injection is not possible.
- if ($query = "SELECT id, username, password
- FROM members
- WHERE email = ?
- LIMIT 1";
- $results = pg_query($query);
- if (!$results) {
- echo "Problem with query " . $query . "<br/>";
- echo pg_last_error();
- exit();
- }
- $user_id = $myrow[user_id];
- $username = $myrow[username];
- $db_password = $myrow[db_password];
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement