I have the following connection, which was working fine, but I want to include the userID column from the table in a new variable:
    public function userLogin()
    {
        $success = false;
        try {
            $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
            $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
            $sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";
            $stmt = $con->prepare( $sql );
            $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
            // Newly added line: there is no :UserID placeholder in $sql
            $stmt->bindValue( "UserID", $this->userID, PDO::PARAM_STR );
            $stmt->execute();
            $valid = $stmt->fetchColumn();
            if( $valid ) {
                $success = true;
            }
            $con = null;
            return $success;
        } catch ( PDOException $e ) {
            // Report the PDO error and treat the login as failed
            echo "error: " . $e->getMessage();
            return $success;
        }
    }
When I added my new line $stmt->bindValue( "UserID", $this->userID, PDO::PARAM_STR );
it says error: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
Where might the problem be?
You're binding 3 values, but only 2 are used in:

    $sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";

If you're going to use the ID, add it:

    $sql = "SELECT * FROM users WHERE userid = :UserID AND username = :username AND password = :password LIMIT 1";

Note: bind variables should always exist in your query; if not, better get rid of them.
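
An added example, not part of the question or the answer above: it reproduces the placeholder/bind mismatch and then shows one way to get the userID out of the matched row instead of binding it as an input. The in-memory SQLite database, the table layout, the sample user and the standalone `userLogin()` signature are assumptions made so the script runs on its own.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the question's database.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE users (userID INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$salt = 'constructed-salt'; // assumption: one application-wide salt, as in the question
$con->prepare('INSERT INTO users (username, password) VALUES (:u, :p)')
    ->execute([':u' => 'alice', ':p' => hash('sha256', 'secret' . $salt)]);

// 1) The failure: three binds against a statement with two placeholders.
//    PDO raises a PDOException; the SQLSTATE and wording depend on the driver.
try {
    $stmt = $con->prepare('SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1');
    $stmt->bindValue(':username', 'alice', PDO::PARAM_STR);
    $stmt->bindValue(':password', hash('sha256', 'secret' . $salt), PDO::PARAM_STR);
    $stmt->bindValue(':UserID', 1, PDO::PARAM_INT); // no :UserID token in the SQL
    $stmt->execute();
} catch (PDOException $e) {
    echo 'Mismatch: ', $e->getMessage(), PHP_EOL;
}

// 2) userID is an output of the lookup, so select it and read it from the row.
//    Returns the matched userID, or null when the credentials do not match.
function userLogin(PDO $con, string $username, string $password, string $salt): ?int
{
    $stmt = $con->prepare(
        'SELECT userID FROM users WHERE username = :username AND password = :password LIMIT 1'
    );
    // Bind exactly the placeholders that appear in the SQL text, no more, no fewer.
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    // Salted SHA-256 is kept only to match the question's existing table;
    // password_hash()/password_verify() is PHP's purpose-built API for stored passwords.
    $stmt->bindValue(':password', hash('sha256', $password . $salt), PDO::PARAM_STR);
    $stmt->execute();
    $userID = $stmt->fetchColumn(); // false when no row matched
    return $userID === false ? null : (int) $userID;
}

var_dump(userLogin($con, 'alice', 'secret', $salt)); // valid credentials
var_dump(userLogin($con, 'alice', 'wrong', $salt));  // wrong password
```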