• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Prepared statements in CI



In my usual PHP I have this here below, but I think CI has most of that code built in and I don't have to complete it all. The question is how much it is built it of this snippet ?

CRYPT_BLOWFISH or die ('No Blowfish found.');

# 3.
$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';

#. 4 We write the query as a prepared statement,

$sql = "SELECT salt, password FROM users WHERE email=?";

#  5. prepare statement
$stmt = $mysqli->prepare($sql);

#  6. assign key
$stmt->bind_param("s", $email);
# 7. execute prepared statement
if( $stmt->execute() )

# 8. bind the result data
    $stmt->bind_result($salt, $password);

# 9. fetch values */
    while( $stmt->fetch() )
        # this $pass is what the user has entered in the login box
       $hashed_pass = crypt($pass, $Blowfish_Pre. $salt. $Blowfish_End);
    echo '<p>';
}   # end of IF

So once I get the salt and the password, I can reconstrue the hashed password and compare it with the one that is on the table. If equal, log him in.

But, using CI, I think the steps from 5 to 8 both included are not needed. Looks like it would be just followed by something like:

$result = $this->db->query($query_str, array($salt, $password);

And then I would have to use the CI syntax to read those $salt and $password from $result, that is the values that are on the table of the Database.

But I don't know the syntax to read that $result in the CI environment, Sad

$sql = "SELECT salt, password FROM users WHERE email=?";

$query = $this->db->query( $sql, array( $email ) );

if( $query->num_rows() > 0 )
foreach( $query->result() as $row )
  $hashed_pass = crypt($row->pass, $Blowfish_Pre. $row->salt. $Blowfish_End);


Thank you,! I will implement that. So that means that indeed CI has the steps 5-8 built-in.
thanks a lot

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.