This is designed to help me understand what is going on with the query.
It should tell me what values are querried and print them. It does not pull the userid for some reason, instead saying 0 or null.
It prints: string(0) “” NULL string(11) “pwdhere” The userid is 0 and the password is pwdhere----oooo set as oooo----6179cbcdc21dd1b3c478e7e2226e0432
Should the session be these 32 characters or the userid/username?
Why is it not pulling userid?
AND WHY DOES IT WORK WHEN THE PASSWORD IS WRONG?
THANKS!!!
[php]
<?php
include ("connectionlinkhere.php");
//connection errors if any...
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
//GETTING DATA FROM FORM
$userid = htmlentities($_POST['userid'], ENT_QUOTES);
$password = htmlentities($_POST['password'], ENT_QUOTES);
//create a prepared statement
if ($stmt = $mysqli->prepare("SELECT userid, username, password FROM admins WHERE userid=? and password=?"))
{
// bind parameters-define them...the -iss- is for integer, string, string
$stmt->bind_param("iss", $userid, $username, $password);
//execute...
$stmt->execute();
// bind result variables
$stmt->bind_result($userid, $username, $password);
//fetch value
$stmt->fetch();
//to see what the database query is actually pulling
var_dump($userid, $username, $password);
//tell it to format the query results and then print the sentence
$format = ‘The userid is %d and the password is %s’;
echo sprintf($format, $userid, $password);
//set session
$_SESSION[‘userid’] = $_POST[‘username’];
//just to break up the line
echo “----oooo set as oooo----” ;
//this is the 32 digit session value, although assigned as userid or username
echo session_id();
/* close statement */
$stmt->close();
}
// redirect the user
//header("Location: index.php");
else
{
echo "what are you doing...";
}
/* close connection */
$mysqli->close();
?>
[/php]