Invalid parameter number: parameter was not defined

Hi folks,

I am banging my head with this

Fatal error: Uncaught exception ‘PDOException’ with message ‘SQLSTATE[HY093]: Invalid parameter number: parameter was not defined’ in /

$query="SELECT count(id) 
        FROM users 
        WHERE id=:username
        AND password=:password";

$query = $db->prepare($query);
$query->execute(array(':id' => $username,
                      ':password' => $password));
$row_count = $query->fetchColumn();

Do you see any problem in my code above?

Change to

$query->execute(array(':username' => $username,
                  ':password' => $password));

:smirk: I spent nearly 1 hour on this…

Thank you so much megazoid, it works.

Fresh pair of eyes is often a bonus on this, as is looking at something else for a while and coming back to a problem later. Good spot, though, I was about to start on about whether re-using the $query variable name would cause issues.

I hope those are not plain passwords… Maybe encrypted but definitely not salted.

Password treatment is a little off topic given the OP’s original question but of sufficient importance that I thought this warranted a reply.

It’s correct to say that the password should not be stored in plain text. Absolutely true.

However, passwords should be salted. They should also be hashed and definitely not encrypted. The difference is subtle but important since encryption implies decryptability.

Fortunately we have an excellent solution with the password functions provided by the language itself:

password_hash() and password_verify() et al

Anthony Ferrara also provides a compatible library for those not yet on PHP 5.5

http://php.net/manual/en/function.password-hash.php
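
An added example, not part of the thread or any poster's code, putting the two points above together: placeholder names that match the keys passed to execute(), and a login check that fetches the stored hash by username and compares it with password_verify() instead of matching the password in SQL. The table layout, the `password_hash` column, the `register()` and `login()` helpers and the in-memory SQLite database are assumptions made for illustration; it assumes PHP 7 or later with pdo_sqlite.

```php
<?php
// Constructed schema and sample data; in-memory SQLite so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
               id INTEGER PRIMARY KEY,
               username TEXT UNIQUE,
               password_hash TEXT)');

// Hypothetical helper: store a salted hash, never the password itself.
function register(PDO $db, string $username, string $password): void
{
    // password_hash() generates a random salt and embeds it in the returned string.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash)
                          VALUES (:username, :hash)');
    $stmt->execute([':username' => $username,
                    ':hash'     => password_hash($password, PASSWORD_DEFAULT)]);
}

// Hypothetical helper: returns true only for a known user with the right password.
function login(PDO $db, string $username, string $password): bool
{
    // Every key given to execute() must match a placeholder in the statement,
    // otherwise PDO raises SQLSTATE[HY093].
    $stmt = $db->prepare('SELECT id, password_hash FROM users
                          WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The hash differs per user because of the salt, so it cannot be matched
    // in the WHERE clause; password_verify() re-derives it from the stored string.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    // Re-hash on successful login if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = :hash WHERE id = :id');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT),
                       ':id'   => $row['id']]);
    }
    return true;
}

register($db, 'alice', 'correct horse battery staple'); // constructed credentials
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, 'alice', 'wrong password'));
var_dump(login($db, 'nobody', 'anything'));
```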
