php - prepared mysqli

0

I created this code, and it says that it does not find any record, even though I know that the record exists and the email and pass are correct.

The error is always "INVALID USERNAME/PASSWORD Combination!"

$uid = mysqli_real_escape_string($con, sanitize($_POST['email']));
$pwd = mysqli_real_escape_string($con, sanitize($_POST['password']));

$stmt = $con->prepare("SELECT email, password FROM public_users WHERE email = ? AND password = ? LIMIT 1");
$stmt->bind_param('is', $uid, $pwd);
$stmt->execute();
$stmt->bind_result($uid, $pwd);
$stmt->store_result();

if($stmt->num_rows == 1) {

    if($stmt->fetch()) {

       if(password_verify($pwd, $hashed_password)) {

          echo "Combination!";

       } else {

          echo "PASSWORD Combination!";
       }

    }

} else {
    echo "INVALID USERNAME/PASSWORD Combination!";
}

$stmt->close();  

Where am I going wrong, folks?

    
asked by anonymous 02.07.2018 / 04:42

1 answer

0

Are the email and password fields correct (varchar for example)? In this case, the quotation marks in your query are missing:

$stmt = $con->prepare("SELECT email, password FROM public_users WHERE email = '?' AND password = '?' LIMIT 1");
    
02.07.2018 / 13:33
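
Added example (not part of the question or the answer above): a login check with mysqli prepared statements, assuming `$con` is an open connection and the `password` column stores a `password_hash()` value, as the question's `password_verify()` call suggests. The function name `verify_login` is hypothetical. It selects the row by email through a bare `?` placeholder bound as a string, then compares the submitted password against the stored hash in PHP.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not the asker's code. Assumes public_users.password holds
 * a password_hash() value and $con is an open mysqli connection.
 */
function verify_login(mysqli $con, string $email, string $password): bool
{
    // Look the user up by email only: a plaintext password never equals a
    // stored hash in SQL, so the comparison is done in PHP further down.
    // Placeholders are bare ? marks; a quoted '?' is a literal string and
    // leaves the statement with no parameters to bind.
    $stmt = $con->prepare(
        'SELECT password FROM public_users WHERE email = ? LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }

    // 's' = string ('i' would cast the email to an integer). Bound values
    // travel separately from the SQL text, so mysqli_real_escape_string()
    // is not applied; it would only alter the submitted data.
    $stmt->bind_param('s', $email);
    $stmt->execute();

    // Bind the result to its own variable so the submitted password is not
    // overwritten before password_verify() sees it.
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch() === true;
    $stmt->close();

    // Verify against a throwaway hash when no row matched, so both paths
    // do comparable work and unknown emails are not answered faster.
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $found ? $storedHash : $dummyHash);

    return $found && $ok;
}

// Usage with the form fields from the question (same message for both failures):
// echo verify_login($con, $_POST['email'], $_POST['password'])
//     ? 'Login OK'
//     : 'INVALID USERNAME/PASSWORD Combination!';
```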