DEV Community



I need help!

So me and my friend are making an RPG website for fun and we've run into a problem. We suck at PHP. We are so bad that we don't even know how to pull out one value from an SQL query. Please can someone help us get the 'name' value from this SQL query in PHP7. Thanks!

$email = $_POST['email'];
$password = sha1($_POST['password']);

$con = mysqli_connect('CENSORED','CENSORED','CENSORED');
mysqli_select_db($con, "BATTLE");

$q = "SELECT * FROM players WHERE email == '$email'";
$result = mysqli_query($con, $q);
$num = mysqli_num_rows($result);
if($num == 0){
$_SESSION['email'] = $email;

Top comments (7)

Martin Himmel

The WHERE email == '$email' part of the query should be WHERE email = '$email' - SQL uses a single equals sign as a comparison operator.

As for the results, try using mysqli_fetch_assoc.

Also, for passwords, don't use sha1. Use the password_hash and password_verify functions instead, as they're much more secure.

venatusdev

Thank you Martin for your reply, also thanks for the notice on using password_hash instead. I will try this now!

Mohammed Samgan Khan

What's the problem you are facing? Please mention the problem. Moreover, this is a common topic too, you will find plenty of tutorials to get this info.

But I'll suggest going through the PHP basics first before diving into getting the project done.

Nick M

You also might want to think about preparing your queries instead of putting the user input right in there.

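// dbhost, dbuser, dbpass and dbname stand for your own connection settings
$con = new mysqli(dbhost, dbuser, dbpass, dbname);
$params[] = $_POST['email'];
$query = "SELECT * FROM players WHERE email = ?";
$query = $con->prepare($query);
// one 's' (string) type character per bound parameter
$query->bind_param(str_repeat('s', count($params)), ...$params);
// run the statement before asking for its result set
$query->execute();
$result = $query->get_result();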

Then when you want other fields just pop other ? in e.g.

$params[] = $_POST['email'];
$params[] = $_POST['name'];
$query = "SELECT * FROM players WHERE email = ? AND name = ?";

This goes a ways to secure you against an attack called SQL injection, which is not good for business.

venatusdev

Thank you so much for your reply, I had no idea how to be secure against SQL injections so this will definitely help!
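
The suggestions from the comments above (a prepared statement, fetch_assoc to read the row, and password_verify instead of sha1) combined into one login handler, as an added example that is not code from any poster in this thread. The function name find_player, the password_hash column name and the connection placeholders are assumptions; the stored value is assumed to have been created with password_hash() at registration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the player's row on a successful login, else null.
function find_player(mysqli $con, string $email, string $password): ?array
{
    // The ? placeholder keeps $email out of the SQL text entirely.
    $stmt = $con->prepare(
        'SELECT name, email, password_hash FROM players WHERE email = ?'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // first row as array, null if none
    $stmt->close();

    // Unknown e-mail and wrong password give the same answer to the caller.
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']); // the hash has no business in the session
    return $row;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
session_start();

// Form fields can arrive as arrays (email[]=x); accept strings only.
$email    = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

// Placeholders (assumed): replace with your own connection settings.
$con = new mysqli('DB_HOST', 'DB_USER', 'DB_PASS', 'BATTLE');

$player = find_player($con, $email, $password);
if ($player === null) {
    http_response_code(401);
    exit('Invalid e-mail or password.');
}

session_regenerate_id(true);          // fresh session id after login
$_SESSION['email'] = $player['email'];
$_SESSION['name']  = $player['name']; // the 'name' value the question asks for
```

At registration the matching call is password_hash($password, PASSWORD_DEFAULT), stored in the column read here.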

Peyton McGinnis

Did you try StackOverflow already? Not to be rude or anything.

venatusdev

Yes I did try StackOverflow before. Unfortunately I found it difficult to find an answer.