UPDATE
I was connecting to the wrong database. Yes, please spit on me, i deserve it. I am very sorry for the trouble.
If i try this, MySQL (via PDO) does not return any result
$db = new db('mysql:host='.DB_SERVER.';dbname='.DB_NAME, DB_USERNAME, DB_PASSWORD);
$email = 'alexandre@domain.com';
$mot_de_passe = 'Un mot et un chiffre 8?';
$bind= array(":email"=>$email, ":mot_de_passe"=>$mot_de_passe);
$results = $db->select("users", "email=:email AND mot_de_passe=:mot_de_passe", $bind);
But if try this, MySQL returns the row correctly.
$db = new db('mysql:host='.DB_SERVER.';dbname='.DB_NAME, DB_USERNAME, DB_PASSWORD);
$email = 'alexandre@domain.com';
$mot_de_passe = '1234';
$bind= array(":email"=>$email, ":mot_de_passe"=>$mot_de_passe);
$results = $db->select("users", 'email=:email AND mot_de_passe=:mot_de_passe', $bind);
It also returns nothing if $mot_de_passe = 'Pourquoi'; So i assume it only accepts numbers. Why is that? The Password column is of type VARCHAR(255).
UPDATE
I'm using this PDO Wrapper class to manage the transactions with the database.
DEBUG INFO
Using PDO syntax :
$sth = $db->prepare('SELECT * from `users` where email=:email AND mot_de_passe=:mot_de_passe');
$sth->bindValue(':email', $email, PDO::PARAM_STR);
$sth->bindValue(':mot_de_passe', $mot_de_passe, PDO::PARAM_STR);
$sth->execute();
$result = $sth->fetchAll();
$sth->debugDumpParams();
produces this debugging info:
SQL: [81] SELECT * from `users` where email=:email AND mot_de_passe=:mot_de_passe
Params: 2
Key: Name: [6] :email
paramno=-1
name=[6] ":email"
is_param=1
param_type=2
Key: Name: [13] :mot_de_passe
paramno=-1
name=[13] ":mot_de_passe"
is_param=1
param_type=2
Here is the query from the mysql's general_log file:
SELECT * from `users` where email='alexandre@domain.com' AND mot_de_passe='Pourquoi ?'
If i use this query directly, it returns the intended result. If i use it via PDO it does not find the result.
Why are you use urldecode() function? It brakes special symbols and have no relation to mysql escaping.
Try this:
$email = 'alexandre@domain.com';
$mot_de_passe = 'Un mot et un chiffre 8?';
$bind= array(":email"=>$email, ":mot_de_passe"=>$mot_de_passe);
$results = $db->select("users", "email=:email AND mot_de_passe=:mot_de_passe", $bind);
Try this one in PDO style:
$sth = $db->prepare('SELECT * from `users` where email=:email AND mot_de_passe=:mot_de_passe');
$sth->bindValue(':email', $email, PDO::PARAM_STR);
$sth->bindValue(':mot_de_passe', $mot_de_passe, PDO::PARAM_STR);
$sth->execute();
$result = $sth->fetchAll();
and check, is this query returns something?
SELECT * from `users` where email='alexandre@domain.com' AND mot_de_passe='Un mot et un chiffre 8?';
To answer the question from the title, Mysql select query never fails if string contains password.
Speaking of your own code that doesn't return the desired result - just debug the code and double check the data.