this works just fine
$db = new PDO(<connection data>);
$username = $_POST['username'];
$password = $_POST['password'];
if(isset($_POST['username']) && isset($_POST['password'])){
$username = "name";
$pw = $db->prepare('SELECT * FROM table WHERE column1 = ?');
$pw->execute(array($username));
$result = $pw->fetchAll();
var_dump($result);
}
If i use $_POST['username'] after form submission i get array(0) { } for var_dump($result);
$db = new PDO(<connection data>);
$username = $_POST['username'];
$password = $_POST['password'];
if(isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
//var_dump($username); --> string(7) " name"
$pw = $db->prepare('SELECT * FROM table WHERE column1 = ?');
$pw->execute(array($username));
$result = $pw->fetchAll();
var_dump($result);
}
Do you see where i made my mistake(s)?
In the first test, with hard-coded value, you have
$username = "name";
then, when using post value, it becomes
$username = $_POST['username']; // --> " name"
as you see, there is an extra space. If such space should not be there, you could then try trimming the value, like:
$username = trim($_POST['username']);
However, if having spaces in username is an error, you should not "correct" it yourself, and just report the error to the user (I think this is more a UX aspect than a programming one).