{"id":25187,"date":"2022-12-08T14:39:59","date_gmt":"2022-12-08T09:09:59","guid":{"rendered":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/"},"modified":"2022-12-08T14:39:59","modified_gmt":"2022-12-08T09:09:59","slug":"solved-is-this-prepared-statement","status":"publish","type":"post","link":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/","title":{"rendered":"[Solved] Is this prepared statement?"},"content":{"rendered":"

[ad_1]
\n<\/p>\n

\n
\n
<\/div>\n
\n
\n

Yes you are using a prepared statement with a parameter. That’s the right thing to do. Parameters are the best way to write safe SQL statements in the majority of cases. There are just a few edge cases where they don’t help (see my answer to how safe are PDO prepared statements)<\/p>\n

I can suggest some small changes based on how I would write the code.<\/p>\n

$sql = \"SELECT id, password FROM users133 WHERE username=:username\";\n<\/code><\/pre>\n
Avoid SELECT *<\/code>, always spell out your columns explicitly. See<\/p>\n
$stmt = $db->prepare($sql);\n$stmt->execute(['username' => $username]);\n<\/code><\/pre>\n
If you have enabled PDO exceptions, this is okay, because any SQL error will interrupt the code and throw an exception. But if you have not enabled exceptions, you should always check the return value of both prepare()<\/code> and execute()<\/code>. See http:\/\/php.net\/manual\/en\/pdo.error-handling.php<\/a> and http:\/\/php.net\/manual\/en\/pdo.errorinfo.php<\/a><\/p>\n
The syntax of array()<\/code> is from old PHP versions, and since PHP 5.4 you can use the shorter syntax with square brackets. <\/p>\n
You don’t need to use :<\/code> in your key for the PDO param. Only in the SQL string. In old versions of PDO you needed :<\/code> in both places, but not anymore.<\/p>\n
while (row = $stmt->fetch()) {\n    $hash = $row['password'];\n    if (password_verify($password, $hash)) {\n        $_SESSION['loggedIn'] = $row['id'];\n        header(\"location: ?page=profile\");\n    }else{\n        header(\"location: ?page=loginfailed\");\n    }\n}\nheader(\"location: ?page=loginfailed\");\n<\/code><\/pre>\n
The above avoids calling rowCount()<\/code>. If there are no rows, then while()<\/code> naturally finishes without doing one loop, and then it falls through to the last header()<\/code> call.<\/p>\n
I prefer to avoid calling rowCount()<\/code> because it’s confusing to remember when it works and when it doesn’t work. The rowCount()<\/code> will return 0 before the client has fetched all rows from the MySQL server. Sometimes executing the query implicitly fetches all rows into client memory, then calling fetch()<\/code> just iterates over them. This is called a buffered query. But non-buffered queries are useful if your result will have too many rows to buffer. So it’s not always clear when rowCount()<\/code> will return the accurate count. <\/p>\n<\/p><\/div>\n
<\/div>\n<\/div>\n
            2<\/span> <\/p><\/div>\n<\/div>\n
[ad_2]<\/p>\n
solved Is this prepared statement? <\/p>\n","protected":false},"excerpt":{"rendered":"
[ad_1] Yes you are using a prepared statement with a parameter. That’s the right thing to do. Parameters are the best way to write safe SQL statements in the majority of cases. There are just a few edge cases where they don’t help (see my answer to how safe are PDO prepared statements) I can … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[320],"tags":[346,340,855,339],"class_list":["post-25187","post","type-post","status-publish","format-standard","hentry","category-solved","tag-html","tag-mysql","tag-pdo","tag-php"],"yoast_head":"\n[Solved] Is this prepared statement? - JassWeb<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"[Solved] Is this prepared statement? - JassWeb\" \/>\n<meta property=\"og:description\" content=\"[ad_1] Yes you are using a prepared statement with a parameter. That’s the right thing to do. Parameters are the best way to write safe SQL statements in the majority of cases. There are just a few edge cases where they don’t help (see my answer to how safe are PDO prepared statements) I can ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/\" \/>\n<meta property=\"og:site_name\" content=\"JassWeb\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-08T09:09:59+00:00\" \/>\n<meta name=\"author\" content=\"Kirat\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kirat\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/\"},\"author\":{\"name\":\"Kirat\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31\"},\"headline\":\"[Solved] Is this prepared statement?\",\"datePublished\":\"2022-12-08T09:09:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/\"},\"wordCount\":304,\"publisher\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#organization\"},\"keywords\":[\"html\",\"mysql\",\"pdo\",\"php\"],\"articleSection\":[\"Solved\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/\",\"url\":\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/\",\"name\":\"[Solved] Is this prepared statement? - JassWeb\",\"isPartOf\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#website\"},\"datePublished\":\"2022-12-08T09:09:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jassweb.com\/solved\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"[Solved] Is this prepared statement?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jassweb.com\/solved\/#website\",\"url\":\"https:\/\/jassweb.com\/solved\/\",\"name\":\"JassWeb\",\"description\":\"Build High-quality Websites\",\"publisher\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jassweb.com\/solved\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jassweb.com\/solved\/#organization\",\"name\":\"Jass Web\",\"url\":\"https:\/\/jassweb.com\/solved\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png\",\"contentUrl\":\"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png\",\"width\":693,\"height\":132,\"caption\":\"Jass Web\"},\"image\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31\",\"name\":\"Kirat\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1775798750\",\"contentUrl\":\"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1775798750\",\"caption\":\"Kirat\"},\"sameAs\":[\"http:\/\/jassweb.com\"],\"url\":\"https:\/\/jassweb.com\/solved\/author\/jaspritsinghghumangmail-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"[Solved] Is this prepared statement? - JassWeb","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/","og_locale":"en_US","og_type":"article","og_title":"[Solved] Is this prepared statement? - JassWeb","og_description":"[ad_1] Yes you are using a prepared statement with a parameter. That’s the right thing to do. Parameters are the best way to write safe SQL statements in the majority of cases. There are just a few edge cases where they don’t help (see my answer to how safe are PDO prepared statements) I can ... Read more","og_url":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/","og_site_name":"JassWeb","article_published_time":"2022-12-08T09:09:59+00:00","author":"Kirat","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kirat","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/#article","isPartOf":{"@id":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/"},"author":{"name":"Kirat","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31"},"headline":"[Solved] Is this prepared statement?","datePublished":"2022-12-08T09:09:59+00:00","mainEntityOfPage":{"@id":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/"},"wordCount":304,"publisher":{"@id":"https:\/\/jassweb.com\/solved\/#organization"},"keywords":["html","mysql","pdo","php"],"articleSection":["Solved"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/","url":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/","name":"[Solved] Is this prepared statement? - JassWeb","isPartOf":{"@id":"https:\/\/jassweb.com\/solved\/#website"},"datePublished":"2022-12-08T09:09:59+00:00","breadcrumb":{"@id":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jassweb.com\/solved\/solved-is-this-prepared-statement\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jassweb.com\/solved\/"},{"@type":"ListItem","position":2,"name":"[Solved] Is this prepared statement?"}]},{"@type":"WebSite","@id":"https:\/\/jassweb.com\/solved\/#website","url":"https:\/\/jassweb.com\/solved\/","name":"JassWeb","description":"Build High-quality Websites","publisher":{"@id":"https:\/\/jassweb.com\/solved\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jassweb.com\/solved\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jassweb.com\/solved\/#organization","name":"Jass Web","url":"https:\/\/jassweb.com\/solved\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/","url":"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png","contentUrl":"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png","width":693,"height":132,"caption":"Jass Web"},"image":{"@id":"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31","name":"Kirat","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/person\/image\/","url":"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1775798750","contentUrl":"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1775798750","caption":"Kirat"},"sameAs":["http:\/\/jassweb.com"],"url":"https:\/\/jassweb.com\/solved\/author\/jaspritsinghghumangmail-com\/"}]}},"_links":{"self":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/posts\/25187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/comments?post=25187"}],"version-history":[{"count":0,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/posts\/25187\/revisions"}],"wp:attachment":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/media?parent=25187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/categories?post=25187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/tags?post=25187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}