Page 1 of 1
Please help with prepared statements and how to add..
Posted: Thu Sep 26, 2013 9:47 am
by hybris
Hi,
I'm totally new to php and DB coding so please have patience
I set up a secure login for my page using this tutorial:
http://www.wikihow.com/Create-a-Secure- ... -and-MySQL
I created a registration page to create new users and managed to add a column with date registred (added to members table) and got it to register the time when a new member is created so Im pretty proud of myself there
Then I added a new column called 'lastvisit' that I want to update with the current time when the user logs in... but I can't get it to work.
I thought I would create a function called
updatelastvisit ($user_id, $mysqli) or something but I cannot get the coding for the prepared statement to locate the correct user and then update the cell lastvisit.
Could someone please help me.
thanks.
Re: Please help with prepared statements and how to add..
Posted: Thu Sep 26, 2013 10:21 am
by Celauran
Can you show us what you have so far and explain what errors you're encountering?
Re: Please help with prepared statements and how to add..
Posted: Fri Sep 27, 2013 3:21 am
by hybris
Hi,
so I have basically the code from the tutorial I mentioned to handle the login.
Now I want a function that onlogin takes the current time and adds it to the users tabel under the column lastvisit.
This is the function code (not working)
Code: Select all
function addlastlogin() {
$thistime = date("Y-m-d H:i:s"); //DENNA AR NY
if(isset($_SESSION['user_id'])) {
$user_id = $_SESSION['user_id']; //KAN ANVANDAS FOR ATT LAGRA UPPGIFTER I USERS
if ($stmt = $mysqli->prepare("SELECT lastvisit FROM users WHERE id = ? LIMIT 1")) {
$stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if($stmt->num_rows == 1) { // If the user exists
$stmt = $mysqli->prepare("UPDATE users SET lastvisit= :lastvisit WHERE id= :id") {
$stmt->bind_param(':id', $user_id)
$stmt->bind_param(':lastvisit', $thistime);
$stmt->execute();
} else {
echo 'No luck';
}
} else {
echo 'No user logged in';
}
}
}
I can't see what I'm doing wrong??
(I used the following (Working) function as a template for my function.
Code: Select all
function login_check($mysqli) {
// Check if all session variables are set
if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
if ($stmt = $mysqli->prepare("SELECT password FROM users WHERE id = ? LIMIT 1")) {
$stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if($stmt->num_rows == 1) { // If the user exists
$stmt->bind_result($password); // get variables from result.
$stmt->fetch();
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string) {
// Logged In!!!!
//addlastlogin(); //NY FUNKAR DEN??????????????????????????????????????????????????
return true;
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
}
Re: Please help with prepared statements and how to add..
Posted: Fri Sep 27, 2013 4:27 am
by hybris
nm solved it myself
Code: Select all
if ($stmt = $mysqli->prepare("UPDATE users SET lastvisit =? WHERE id = ?")){
$stmt->bind_param('si', $thistime, $user_id);
$thistime = date("Y-m-d H:i:s");
$user_id = $_SESSION['user_id'];
$stmt->execute();
$stmt->close();
}
else {
//Error
printf("Prep statment failed: %s\n", $mysqli->error);
}