Out of the box magic.. With PDO

StackOverflow https://stackoverflow.com/questions/11933327

  •  26-06-2021
  •  | 
  •  

Question 

        try{
            $pdo = new PDO("mysql:host=localhost;dbname=name", 'user', 'pass');
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $statement = "SELECT id FROM users WHERE email LIKE ?";
            $stmt = $pdo->prepare($statement);
            $stmt->bindParam(1, htmlspecialchars($this->params['email']), PDO::PARAM_STR);
            $stmt->setFetchMode(PDO::FETCH_ASSOC);
            $row = $stmt->fetch();

        }catch (PDOException $e) {
            echo $e;
        }

        print_r($row[0]['id']);

        if(is_int($row[0]) > 0) {
            throw new Exception();
        } elseif(is_int($row[0]) > 0) {
            //Generating encryption
            $crypt = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
            $iv = mcrypt_create_iv(32, MCRYPT_RAND);
            $key = mcrypt_create_iv(32, MCRYPT_RAND);
            $password = mcrypt_create_iv(12, MCRYPT_RAND);
            mcrypt_generic_init($crypt, $key, $iv);
            $crypted = mcrypt_generic($crypt, $password);


            $activation = mcrypt_create_iv(128, MCRYPT_RAND);

            mcrypt_generic_deinit($crypt);




            try{
                $pdo = new PDO("mysql:host=localhost;dbname=name", 'user', 'pass');
                $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                $statement = "INSERT INTO users(name, password, cryptokey, cryptovector, email, activation_code, active, usertype) values(?, ?, ?, ?, ?, ?, 0, ?); ";
                $stmt = $pdo->prepare($statement);
                $stmt->bindParam(1, mysql_real_escape_string($this->params['name']), PDO::PARAM_STR);
                $stmt->bindParam(2, $password, PDO::PARAM_STR);
                $stmt->bindParam(3, $key, PDO::PARAM_STR);
                $stmt->bindParam(4, $iv, PDO::PARAM_STR);
                $stmt->bindParam(5, mysql_real_escape_string($this->params['email']), PDO::PARAM_STR);
                $stmt->bindParam(6, $activation, PDO::PARAM_STR);
                $stmt->bindParam(7, mysql_real_escape_string($this->params['acctype']), PDO::PARAM_STR);

                $stmt = null;

            }catch (PDOException $e) {
                print_r($e);
            }


            $smarty = new Smarty();

            $smarty->assign('NAMES',$this->params['name']);
            $smarty->assign('UNIT', $this->params['acctype']);
            $smarty->assign('KEYPASS',$password);
            $smarty->assign('NAMES',$this->params['name']);
            $smarty->assign('ACTIVATION_LINK','https://localhost/profile.php?action=activate&key='.urlencode($activation).'&email='.urlencode($this->params['email']));

            $msgBody = $smarty->fetch('templates/default/mail.html');

            try {
                $mail = new PHPMailer();

                $mail->Host = "server";
                $mail->SMTPAuth = TRUE;
                $mail->Host = "server";
                $mail->Port = 25;
                $mail->Username = "email";
                $mail->Password = "password";

                $mail->AddAddress($this->params['email']);
                $mail->SetFrom('test@example', 'test Services');

                $mail->Subject = 'Confirm registration and login credentials.';
                $mail->MsgHTML($msgBody);    // attachment
                #$mail->Send();

                echo 'localhost/profile.php?action=verify&key='.base64_encode($activation).'&email='.urlencode($this->params['email']);
            } catch (phpmailerException $e) {
                #echo $e; //Pretty error messages from PHPMailer
                print_r($e);
            } catch (Exception $e) {
                echo $e; //Boring error messages from anything else!
                print_r($e);
            }


        }

    }

So this is my method for authentication. __construct($arg1, $arg2); $arg1 gets the action and $arg2 and it is the $self::params gets the variables that it requires in this case the email names and password. It prints the the activation link for testing purposes and when it does i see Array( ) after it. The if statement that has isset($row) is not doing what it have cuz it is telling my script that row is set. And when I print_r it I see none... when echo i see Array( ).... I Use Zend server CE With PHP 5.4 and I have a table that is structured like this:

id, - name, - password, - cryptokey, - cryptovector, - email, - activation_code, - active, - usertype
1, - J.Smith, - pwd, - key, - vector, - some@mail, - activation code, - 0, - candidate

Was it helpful?

Solution

You are missing the $stmt->execute(); in your code. This is an example of code that I happen to have in eclipse right now:

$sql="select id from users where userName=:userName";
$this->prepared = $this->mysqlAccess->con->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$this->prepared->execute(array(':userName' => $this->username));

When you prepare the statement, you need to execute it before you can query the results.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top