0

PHP login system works on local but doesn't work on Hostgator PHP 7.1. My local is PHP 7.2

I've built out a fully working portal on my local machine. I can CRUD on my local machine. As soon as I put it on the server online, the login system doesn't work. I still can register new users as the user info populates in the DB, so its not a DB config issue. I am getting these errors:

Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in .....

Fatal error: Uncaught Error: Call to undefined function mysqli_stmt_get_result() in ....

I have spent 5 hours trying to figure out why it won't work on the Hostgator server but will work on my local.

Here is my code:

if(isset($_POST['loginSubmit'])){

    //include connection configs
    require '../../db_configs.php';

    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);   

    if(empty($email || $password )){

        header("Location: ../../../portalSignIn.php?signin=fieldsempty");
        exit();

    }
    else
    {
        //user email query
        $sqlEmail = "SELECT * FROM users WHERE email='$email'";
        $emailResult = mysqli_query($conn, $sqlEmail);
        $stmt = mysqli_stmt_init($conn);

        //SQL Error
        if(!mysqli_stmt_prepare($stmt, $sqlEmail)){

            header("Location: ../../../portalSignIn.php?signin=SQL_FAILED");
            exit();

        }
        if(mysqli_num_rows($emailResult) == 0){

            //email doesn't exist
            header("Location: ../../../portalSignIn.php?signin=incorrectemail");
            exit();
        }
        else
        {   
            //bind data if email exists
            mysqli_stmt_bind_param($stmt, "s", $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);

            if($row = mysqli_fetch_assoc($result)){....

Its breaking at this point --> mysqli_stmt_bind_param($stmt, "s", $email);

I've looked into https://www.plus2net.com/php_tutorial/mysqli_mysqlnd.php and Hostagtor doesn't have these settings. And I have used mysqli_stmt_bind_param() successfully on the sign up page.

Community
  • 1
  • 1
phpNetSvelteLover
  • 1

2 Answers2

1

You have plenty of mistakes in your code. Let me explain a few of them to you.

  1. Don't escape your variables using mysqli_real_escape_string(). Just don't use this function at all.
  2. empty($email || $password ) is going to check a boolean value. This does not make much sense. Remove the empty call and check the negation. If neither $email nor $password then one of them is empty.
  3. Don't use mysqli_query. You are going to prepare a statement, so do not call this function. Also you need to parameterized the SQL. Use ? as placeholder for the value.
  4. mysqli_num_rows in this place would throw an error. You don't need this function at all. If you wanted to use it you would need to pass the as a parameter the output of get_result()
  5. To fetch values using prepared statement you need to prepare/bind/execute/get_result. Only then you can fetch a row if it exists. If nothing is returned then $record will be null. 
if (isset($_POST['loginSubmit'])) {

    //include connection configs
    require '../../db_configs.php';

    $email = $_POST['email'];
    $password = $_POST['password'];

    if (!$email || !$password) {
        header("Location: ../../../portalSignIn.php?signin=fieldsempty");
        exit();
    } else {
        //user email query
        $sqlEmail = "SELECT * FROM users WHERE email=?";
        $stmt = $con->prepare($sqlEmail);
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $result = $stmt->get_result();
        $record = $result->fetch_assoc();
        if (!$record) {
            //email doesn't exist
            header("Location: ../../../portalSignIn.php?signin=incorrectemail");
            exit();
        } else {
            // handle your data here
        }
    }
}

And as always don't forget to enable mysqli error reporting. See How to get the error message in MySQLi?

Dharman
  • 30,962
  • 25
  • 85
  • 135
  • Thanks for the code review but the focus of this thread is why this works on my local but not on the Hostgator server. – phpNetSvelteLover May 02 '20 at 21:52
  • If it works on your local machine then I am surprised. You probably got lucky. However, I can't imagine how it could possibly work. It should throw a bunch of errors and die a painful death. – Dharman May 02 '20 at 21:53
  • I put your code into my code and it works on my local. However, once I deploy that to Hostgator, I get "Uncaught Error: Call to undefined method mysqli_stmt::get_result()" now. Hostgator doesn't have tick boxes for me like in this website example: https://www.plus2net.com/php_tutorial/mysqli_mysqlnd.php – phpNetSvelteLover May 03 '20 at 05:21
0

The issue I am having is because Hostgator does not have mysqlnd available for shared hosting users but only those with VPS or dedicated servers:

https://www.hostgator.com/help/article/compatible-technologies

It can be enabled for other users and instructions can be done following this tutorial:

https://www.plus2net.com/php_tutorial/mysqli_mysqlnd.php

This was a learning lesson, especially in getting to know your webhost.

Dharman
  • 30,962
  • 25
  • 85
  • 135
phpNetSvelteLover
  • 1