1

This is my code for login:

<?php
$con = mysqli_connect("localhost", "id2815222_b1gbrother", "orwell", "id2815222_database");

$studentno = $_POST["studentno"];
$password = $_POST["password"];

$statement = mysqli_prepare($con, "SELECT * FROM bigbrother WHERE studentno = ? AND password = ?");
mysqli_stmt_bind_param($statement, "is", $studentno, $password);
mysqli_stmt_execute($statement);

mysqli_stmt_store_result($statement);

mysqli_stmt_bind_result($statement, $userID, $studentno, $firstname, $middlename, $lastname, $date, $password, $number);

$response = array();
$response["success"] = false;  

while(mysqli_stmt_fetch($statement)){
    $response["success"] = true;  

}

echo json_encode($response);

?>

last night this was running perfectly then this afternoon it shows this errors:

Warning: mysqli_stmt_execute(): Premature end of data (mysqlnd_wireprotocol.c:1130) in /storage/ssd3/222/2815222/public_html/login2.php on line 9

Warning: mysqli_stmt_execute(): RSET_HEADER packet 4 bytes shorter than expected in /storage/ssd3/222/2815222/public_html/login2.php on line 9

Warning: mysqli_stmt_execute(): Error reading result set's header in /storage/ssd3/222/2815222/public_html/login2.php on line 9 {"success":false}

My database has: user id, firstname, middlename, lastname, date, password, number as columns. thanks

mega6382
  • 9,211
  • 17
  • 48
  • 69
  • Can you check this? https://stackoverflow.com/questions/6099434/premature-end-of-data-error-with-php – Marcodor Nov 04 '17 at 11:55
  • i already check that but sadly i cant find an answer. –  Nov 04 '17 at 11:59
  • **Never store passwords in clear text!** That's one of the biggest no-no's. Only store password hashes! Use PHP's [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) . If you're running a PHP version lower than 5.5 (which I _really_ hope you aren't), you can use the [password_compat library](https://github.com/ircmaxell/password_compat) to get the same functionallity. – M. Eriksson Nov 04 '17 at 12:01
  • Your `mysqli_stmt_bind_result` has a $studentno after the id and before the firstname. I always list the columns I'm selecting in cases like this, so rather than `select *` - `select userID, firstName...` – Nigel Ren Nov 04 '17 at 12:08
  • Do You store password in plain text ? I think You should only select by studentno why you add password too in your where clause ? – YouneL Nov 04 '17 at 12:09

0 Answers0