I have some basic PHP code which attempts to authenticate against a username and password in a database. It is supposed to print "Authenticated" if there is a successful match of user & pass. However, the query is not returning any data. In addition, the isset() I am using to check if any data is returned shows that the array has values in it.

What is going wrong here, and how can I get this PDO query to return the requested data?

Here is the code with issues.

    $stmt = $pd->prepare("SELECT username from users where username = :logon and password = :passwd");
    $stmt->bindParam(':logon', $_POST['username'], PDO::PARAM_STR);
    $stmt->bindParam(':passwd', $_POST['password'], PDO::PARAM_STR);
    $stmt->execute();
    $verify_auth = $stmt->fetchAll();
    if(isset($verify_auth)){
       echo "Authenticated locally";
       $authed = 1;
       //do something here
    }
    elseif($authed != 1){
        echo "<b>Failure to authenticate</b>";
    }

Every time it runs "Authenticated locally" even though the credentials are wrong.

The verify_auth array appears to always be empty even with the correct credentials.

The post parameters are being assigned successfully.

1 Answer

fetchAll() always returns an array, so you need to check if it's not empty instead. Also, you set $authed to 1 after checking for $verify_auth, and it turns out the last condition block (in case $authed != 1) will never be executed. Instead you can make it useful through a simple else. Here's an example of what it would look like.

    $stmt = $pd->prepare("SELECT username from users where username = :logon and password = :passwd");

    $stmt->bindParam(':logon', $_POST['username'], PDO::PARAM_STR);
    $stmt->bindParam(':passwd', $_POST['password'], PDO::PARAM_STR);
    $stmt->execute();
    $verify_auth = $stmt->fetchAll();

    if ($verify_auth) {
      echo "Authenticated locally";
      $authed = 1;
      //do something here
    } else {
      echo "<b>Failure to authenticate</b>";
    }

isset() is very useful, but not in this particular case. It checks whether a variable is set, so even if it has an empty value it will be set and isset() would give you true. But if there's a variable or array index that doesn't exist, it would give false. In your particular case you can use isset($verify_auth[0]), which will give you true when there is something in the array returned by $stmt->fetchAll().

5 Comments

This does not work with the correct credentials, the array is always empty.
I think the code is correct, probably you pass POST parameters in the form with different names than the ones that are used here, or the credentials are wrong, or you connect to a different database? I don't know really. Try to echo POST values or manually execute your SQL to make sure it returns correct data outside of this code.
Thanks for the help, turns out I had a permissions issue with the new table in the database.
Don’t use !empty when you just mean if ($verify_auth). See kunststube.net/isset.
Thank you, @deceze, it's a very helpful and interesting article. I'll edit the answer accordingly.
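
The queries above match the submitted password inside the SQL WHERE clause, which only works when the table stores the password exactly as it is submitted. As an added example (not part of the original question, answer or comments), the same login check with a stored password_hash() value verified by password_verify(); the in-memory SQLite table, the `password_hash` column and the sample user are assumptions constructed for the example.

```php
<?php
// Constructed in-memory database standing in for the real `users` table.
$pd = new PDO('sqlite::memory:');
// Raise exceptions on SQL errors (for example a permissions problem on the
// table) instead of letting a failed query look like "no matching user".
$pd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pd->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pd->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns true only when the user exists and the password matches the stored hash.
 */
function authenticate(PDO $pd, string $username, string $password): bool
{
    // Look the row up by username only; the password never goes into the query.
    $stmt = $pd->prepare('SELECT password_hash FROM users WHERE username = :logon');
    $stmt->execute([':logon' => $username]);
    // fetch() returns false when no row matched, so the result can be tested directly.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['password_hash']);
}

// Constructed inputs: correct login, wrong password, unknown user.
$cases = [['alice', 'correct horse'], ['alice', 'wrong'], ['mallory', 'anything']];
foreach ($cases as [$user, $pass]) {
    $ok = authenticate($pd, $user, $pass);
    printf("%-8s %s\n", $user, $ok ? 'Authenticated locally' : 'Failure to authenticate');
}
```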
