Welcome Guest, Not a member yet? Register   Sign In
Prepared statements in CI
#1

[eluser]alvaroeesti[/eluser]


Hi!


In my usual PHP I have this here below, but I think CI has most of that code built in and I don't have to complete it all. The question is how much it is built it of this snippet ?

Code:
CRYPT_BLOWFISH or die ('No Blowfish found.');

# 3.
$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';

#. 4 We write the query as a prepared statement,

$sql = "SELECT salt, password FROM users WHERE email=?";

#  5. prepare statement
$stmt = $mysqli->prepare($sql);

#  6. assign key
$stmt->bind_param("s", $email);
      
# 7. execute prepared statement
if( $stmt->execute() )
{


# 8. bind the result data
    $stmt->bind_result($salt, $password);

# 9. fetch values */
    while( $stmt->fetch() )
    {
        # this $pass is what the user has entered in the login box
       $hashed_pass = crypt($pass, $Blowfish_Pre. $salt. $Blowfish_End);
    }
    echo '<p>';
    
}   # end of IF

So once I get the salt and the password, I can reconstrue the hashed password and compare it with the one that is on the table. If equal, log him in.


But, using CI, I think the steps from 5 to 8 both included are not needed. Looks like it would be just followed by something like:



Code:
$result = $this->db->query($query_str, array($salt, $password);

And then I would have to use the CI syntax to read those $salt and $password from $result, that is the values that are on the table of the Database.

But I don't know the syntax to read that $result in the CI environment, Sad
#2

[eluser]skunkbad[/eluser]
Code:
$sql = "SELECT salt, password FROM users WHERE email=?";

$query = $this->db->query( $sql, array( $email ) );

if( $query->num_rows() > 0 )
{
foreach( $query->result() as $row )
{
  $hashed_pass = crypt($row->pass, $Blowfish_Pre. $row->salt. $Blowfish_End);
}
}
#3

[eluser]alvaroeesti[/eluser]

Thank you,! I will implement that. So that means that indeed CI has the steps 5-8 built-in.
thanks a lot




Theme © iAndrew 2016 - Forum software by © MyBB