Converting php to prepared statements

Having trouble converting next php script to prepared statements.


User login failed. Error#

Notice: Undefined index: salt in /home/sites/5a/8/83a6433687/public_html/SalesTrackerV1/login.php on line 36

Notice: Undefined index: hash in /home/sites/5a/8/83a6433687/public_html/SalesTrackerV1/login.php on line 37

6: Incorrect password


//check that connection happened

    if (mysqli_connect_errno())


        echo "1: Connection failed";//error code #1 = connection failed



    $username = mysqli_real_escape_string($con, $_POST["name"]);

    //$usernameclean = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);

    $password = $_POST["pass"];

    //check if name exists

    $sql = "SELECT username FROM Users WHERE username = ?";

    $statement = $con->prepare($sql);

    $statement->bind_param("s", $username);


    $result = $statement->get_result();


    //$namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check failed"); //error code #2 name check query failed

    if ($result->num_rows !=1)


        echo "5: Either no user with name or more than 1"; //error code number 5 



// get login info from query

$existinginfo = mysqli_fetch_assoc($result);

$salt = $existinginfo["salt"];

$hash = $existinginfo["hash"];

$loginhash = crypt($password, $salt);

if($hash != $loginhash)


    echo "6: Incorrect password";//error code 6 password does not hash to match table


//echo "0\t". $existinginfo["score"];


The problem is you’re only selecting the field username in your query: $sql = "SELECT username FROM Users WHERE username = ?";

Thus, when you execute the statement the fields salt and hash are not present in the result.

Try changing your query to:

$sql = "SELECT salt, hash, username FROM Users WHERE username = ?";

ThankYou that was so stupid of me.

Haha, no problem! It happens :slight_smile:

Sponsor our Newsletter | Privacy Policy | Terms of Service