So me and my friend are making an RPG website for fun and we've run into a problem. We suck at PHP. We are so bad that we don't even know how to pull out one value from an SQL query. Please can someone help us get the 'name' value from this SQL query in PHP7. Thanks!
<?PHP
session_start();
$email = $_POST['email'];
$password = sha1($_POST['password']);
$con = mysqli_connect('CENSORED','CENSORED','CENSORED');
mysqli_select_db($con, "BATTLE");
$q = "SELECT * FROM players WHERE email == '$email'";
$result = mysqli_query($con, $q);
$num = mysqli_num_rows($result);
if($num == 0){
$_SESSION['email'] = $email;
// GET THE NAME!!
}
?>
Top comments (7)
The WHERE email == '$email' part of the query should be WHERE email = '$email' - SQL uses single equals sign as a comparison operator.
As for the results, try using mysqli_fetch_assoc.
Also, for passwords, don't use sha1. Use the password_hash and password_verify functions instead, as they're much more secure.
Thank you Martin for your reply, also thanks for the notice on using password_hash instead. I will try this now!
What's the problem you are facing? Please mention the problem. Moreover, this is a common topic too, you will find plenty of tutorials to get this info.
But I'll suggest going through the PHP basics first before diving into getting the project done.
You also might want to think about preparing your queries instead of putting the user input right in there.
$con = new mysqli(dbhost, dbuser, dbpass, dbname);
$params[] = $_POST['email'];
$query = "SELECT * FROM players WHERE email = ?";
$query = $con->prepare($query);
$query->bind_param(str_repeat('s', count($params)), ...$params);
$query->execute();
$result = $query->get_result();
Then when you want other fields just pop other ? in e.g.
$params[] = $_POST['email'];
$params[] = $_POST['name'];
$query = "SELECT * FROM players WHERE email = ? AND name = ?";
This goes a ways to secure you against an attack called SQL injection, which is not good for business.
Thank you so much for your reply, I had no idea how to be secure against SQL injections so this will definitely help!
Did you try StackOverflow already? Not to be rude or anything.
Yes I did try StackOverflow before. Unfortunately I found it difficult to find an answer.
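The suggestions from the comments above combined into one login handler (single `=`, a prepared statement, `fetch_assoc` to read the row, `password_verify` instead of `sha1`), as an added example that is not code from the post or from any commenter. It assumes a hypothetical `password_hash` column that was filled with `password_hash()` at registration, and the connection values are placeholders.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns the player's name if the email/password pair is valid, otherwise null.
 * Assumption: players.password_hash (hypothetical column) holds the output of
 * password_hash($password, PASSWORD_DEFAULT) stored at registration time.
 */
function authenticate_player(mysqli $con, string $email, string $password): ?string
{
    // The ? placeholder keeps user input out of the SQL text; note the single "=".
    $stmt = $con->prepare(
        'SELECT name, password_hash FROM players WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when no row matched
    $stmt->close();

    // Same outcome for "unknown email" and "wrong password".
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['name']; // the 'name' value the question asks for
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();

    // Reject non-string input such as email[]=x before it reaches the query.
    $email    = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // Placeholder connection values; replace with your own.
    $con  = new mysqli('DB_HOST', 'DB_USER', 'DB_PASS', 'BATTLE');
    $name = authenticate_player($con, $email, $password);

    if ($name !== null) {
        session_regenerate_id(true); // fresh session id after a successful login
        $_SESSION['email'] = $email;
        $_SESSION['name']  = $name;
    } else {
        http_response_code(401);
        echo 'Invalid email or password.';
    }
}
```

Existing rows that hold `sha1` values cannot be converted to `password_hash()` output directly; those players need to set a new password, or be re-hashed the next time they log in with the old check.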