0

I'm making an iOS app that sends a username string to this PHP file and then the PHP file checks to see if their username exists in a database, in a table called "members". I got this code online and modified it a little to fit my needs. This is the code:

// Main method to redeem a code
function redeem() {

    // Check for required parameters
    if (isset($_POST["username"])) {

        // Put parameters into local variables
        $code = $_POST["username"];

        echo $code;

        // Look up code in database
        $user_id = 0;

        echo "userid";

        $stmt = $this->db->prepare('SELECT username FROM members WHERE username=', $code); 

        echo "dbprepare";

       $stmt->bind_param("is", $code);

        echo "bindparam";

        $stmt->execute();

        echo "execute";

        $stmt->bind_result($id, $code);

        echo "bindresult";

        while ($stmt->fetch()) {
            break;
        }
        $stmt->close();

The code is tripping up on bind_param; it only gets to echo "dbprepare". Am I doing something incorrectly? How do I check for the username?

2
  • None of us have any idea what bind_param or bind_result mean. What API / framework are you using? Commented Dec 25, 2011 at 1:50
  • +1 I think it's not to be downvoted. Commented Dec 25, 2011 at 1:57

3 Answers

3

Try this code:

   $stmt = $this->db->prepare('SELECT username FROM members WHERE username=?');  

    echo "dbprepare"; 

   $stmt->bind_param("s", $code);

3

I would guess you are missing an actual placeholder here:

$stmt = $this->db->prepare('SELECT username FROM members WHERE username=?', $code); 

See the added ?. The prepare call does not just append the value. You do need to tell it where it belongs. (If your class implements prepare/bind as in mysqli or PDO, and as commonly understood.)

1 Comment

See also what Kashif wrote. If it's really mysqli, then you pass the variable separately, and with maybe just 's' as type specifier.
1

You forgot to add a ? in your SQL.

$stmt = $this->db->prepare('SELECT username FROM members WHERE username=?');

echo "dbprepare";

// One placeholder, so one type character: "s" for the string $code
$stmt->bind_param("s", $code);
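
The fix from the answers as a complete lookup, assuming `$this->db` is a mysqli connection (an added example, not code from the question or from any answer). The connection values are placeholders, `usernameExists` is a hypothetical helper name, and mysqli is switched to throwing exceptions so a failed `prepare()` is reported at the call that failed rather than on the following `bind_param()`.

```php
<?php
// Added example. Table and column names come from the question;
// connection values and the helper name are assumptions.

// Throw mysqli_sql_exception on errors instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function usernameExists(mysqli $db, string $username): bool
{
    // The value never becomes part of the SQL text; ? marks where it is bound.
    $stmt = $db->prepare('SELECT username FROM members WHERE username = ? LIMIT 1');

    // One placeholder, so one type character ("s" = string) and one variable.
    $stmt->bind_param('s', $username);
    $stmt->execute();

    // One selected column, so one result variable.
    $stmt->bind_result($found);
    $exists = ($stmt->fetch() === true);   // null means no row matched
    $stmt->close();

    return $exists;
}

try {
    $db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
    $db->set_charset('utf8mb4');

    // Reject a missing value or an array (username[]=...) before querying.
    $username = $_POST['username'] ?? '';
    if (!is_string($username) || $username === '') {
        http_response_code(400);
        exit('missing username');
    }

    echo usernameExists($db, $username) ? 'exists' : 'not found';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // details go to the server log, not the client
    http_response_code(500);
    echo 'lookup failed';
}
```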
