sessions and names

tracyalex · March 30, 2018, 4:37am

I broke this code…it was working until I tried to add firstname, lastname and dealer to the cookies.
Error is mysqli_stmt_bind_param(): Number of variables doesn’t match number of parameters in prepared statement

[php]<?php
// Include config file
require_once ‘config.php’;

// Define variables and initialize with empty values
$username = $password = $firstname = $lastname = $dealer = “”;
$username_err = $password_err = $firstname_err = $lastname_err = $dealer_err = “”;

// Processing form data when form is submitted
if($_SERVER[“REQUEST_METHOD”] == “POST”){

// Check if username is empty
if(empty(trim($_POST["username"]))){
    $username_err = 'Please enter username.';
} else{
    $username = trim($_POST["username"]);
}

// Check if password is empty
if(empty(trim($_POST['password']))){
    $password_err = 'Please enter your password.';
} else{
    $password = trim($_POST['password']);
}



// Validate credentials
if(empty($username_err) && empty($password_err)){
    // Prepare a select statement
    $sql = "SELECT * FROM managers WHERE username = ?";
    
    if($stmt = mysqli_prepare($link, $sql))
    {
        // Bind variables to the prepared statement as parameters

//ERROR IS FOR THIS LINE BELOW
mysqli_stmt_bind_param($stmt, “ssss”, $param_username, $param_firstname, $param_lastname, $param_dealer);

        // Set parameters
        $param_username = $username;
        $param_firstname = $firstname;
        $param_lastname = $lastname;
        $param_dealer = $dealer;
        
        // Attempt to execute the prepared statement
        if(mysqli_stmt_execute($stmt)){
            // Store result
            mysqli_stmt_store_result($stmt);
            
            // Check if username exists, if yes then verify password
            if(mysqli_stmt_num_rows($stmt) == 1){  
                
                // Bind result variables
                mysqli_stmt_bind_result($stmt, $username, $hashed_password, $firstname, $lastname, $dealer);
                
                if(mysqli_stmt_fetch($stmt))
                {
                    if(password_verify($password, $hashed_password))
                    {
                        /* Password is correct, so start a new session and
                        save the username to the session */
                        
                        session_start();
                        $_SESSION['username'] = $username; 
                        $_SESSION['firstname'] = $firstname;
                        $_SESSION['lastname'] = $lastname;
                        $_SESSION['dealer'] = $dealer;
                        
                        header("location: welcome.php");
                    } else{
                        // Display an error message if password is not valid
                        $password_err = 'The password you entered was not valid.';
                    }
                }
            } else{
                // Display an error message if username doesn't exist
                $username_err = 'No account found with that username.';
            }
        } else{
            echo "Oops! Something went wrong. Please try again later.";
        }
    }
    
    // Close statement
    mysqli_stmt_close($stmt);
}

// Close connection
mysqli_close($link);

}
?>

Login body{ font: 14px sans-serif; } .wrapper{ width: 350px; padding: 20px; }

Login

Please fill in your credentials to login.

" method="post">

Username <?php echo $username_err; ?>

Password <?php echo $password_err; ?>

Don't have an account? Sign up now.

[/php]

JimL · March 30, 2018, 6:18am

Your query contains 1 placeholder
[php]$sql = “SELECT * FROM managers WHERE username = ?”;[/php]

You’re trying to bind 4 parameters to the query
[php]mysqli_stmt_bind_param($stmt, “ssss”, $param_username, $param_firstname, $param_lastname, $param_dealer);[/php]

This is just unnecessary
[php] $param_username = $username;
$param_firstname = $firstname;
$param_lastname = $lastname;
$param_dealer = $dealer;[/php]

tracyalex · March 30, 2018, 10:08pm

Right. But I thought that I only need the one ? because as long as the username is correct (if username = x) then I need to select all the other data…since the username is the only thing in table that must be unique. What am I missing here? Thx

JimL · March 31, 2018, 2:36am

The query “where username = ?” only has one param, you’re binding 4 params to the query. It’s nothing more than what the error is saying, you’re trying to bind the wrong number of variables…

tracyalex · March 31, 2018, 4:01pm

Binding params should have nothing to do with that. Because if x=x then do something with y…I thought.

JimL · March 31, 2018, 5:04pm

When you bind params you tell the db what to insert into the placeholders. This should be pretty straight forward…

tracyalex · March 31, 2018, 8:11pm

I get that. I can’t understand what the if statement has to do with how many parameters I bind later.

astonecipher · April 1, 2018, 5:49am

Which if statement are you referring to?