Maybe this is a bad question, but I've been trying for so long and I'm not sure what I'm doing wrong, so I thought I might ask for help. I need to do a Sign In form. First I needed to verify if the email and password of a certain user match, so I created a function verifyAdmin(). To pass the variables inside the function I used:
<?php
if (isset($_POST['submit'])) {
    $email = $_POST['email'];
    $password = $_POST['password'];
    $admin = new Admin();
    echo $admin->verifyAdmin($email, $password);
}
?>
The function inside the Admin class:
public function verifyAdmin($email, $password) {
    $sql = "SELECT * FROM admins WHERE email = ':email' AND password = ':password'";
    $result = $this->prepare($sql);
    $result->bindParam(':email', $email);
    $result->bindParam(':password', $password);
    $result->execute();
    $result->setFetchMode(PDO::FETCH_CLASS, 'Admin');
    return $result->fetch();
}
Even when I write a matching email and password, when I echo the function it still does not display anything. I also tried to return a var_dump of $result->fetch() and it always returns bool(false) even if there's a matching email and password.
>Solution :
- Don’t echo when debugging, always use var_dump (or other equivalent, like dd or kint). That will show actual output
- For always returning false:
Your query is WHERE email = ':email' and you do $result->bindParam(':email',$email) – so that becomes an invalid query, because the prepared statement will look like this: WHERE email = ''user@email.com''. See the syntax error here?
Don’t put your placeholders in quotes, as bindParam will do it for you:
SELECT * FROM admins WHERE email = :email AND password = :password
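
A runnable version of the fix described in the answer, added here as an example (not code from the question or the answer). It assumes the pdo_sqlite extension and uses a constructed admins table and credentials; lookupQuoted is a hypothetical helper name. It goes one step beyond the answer by storing a password hash and checking it with password_verify() instead of comparing the password inside the SQL.

```php
<?php
// Added example: constructed table and credentials in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
// Raise exceptions so a failed bind or execute is visible instead of a silent false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO admins (email, password_hash) VALUES (:email, :hash)');
$ins->execute([
    ':email' => 'admin@example.test',
    ':hash'  => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Quoted placeholder, as in the question: the quotes turn :email into plain text
// inside the SQL string, so there is nothing for the bind call to attach to.
function lookupQuoted(PDO $pdo, string $email): string
{
    try {
        $stmt = $pdo->prepare("SELECT id FROM admins WHERE email = ':email'");
        $stmt->bindValue(':email', $email);
        $stmt->execute();
        return $stmt->fetch() === false ? 'no row' : 'row found';
    } catch (PDOException $e) {
        return 'PDOException: ' . $e->getMessage();
    }
}

// Unquoted placeholder: the driver binds the value, and the password is
// checked in PHP against the stored hash rather than in the WHERE clause.
function verifyAdmin(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM admins WHERE email = :email');
    $stmt->bindValue(':email', $email);
    $stmt->execute();
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// var_dump rather than echo, as the answer recommends, so false is visible.
var_dump(lookupQuoted($pdo, 'admin@example.test'));
var_dump(verifyAdmin($pdo, 'admin@example.test', 'correct horse'));
var_dump(verifyAdmin($pdo, 'admin@example.test', 'wrong password'));
var_dump(verifyAdmin($pdo, 'nobody@example.test', 'correct horse'));
```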