Search code examples
phpsqldatabasepostgresqlprepared-statement

php - fetching associative array of pg_execute() prepared statement returns false

Context

I'm trying to implement a (hopefully) simple login system using PHP and PostgreSQL.

This is the postgres table containing usernames and hashed passwords.

Picture of Table from phpPgAdmin

Users are not meant to be able to create new rows in this table so I already hashed the passwords using password_hash('password', PASSWORD_BCRYPT) and then manually copypasted the value in the table.

Let me know if you think this could pose a problem.

Users can, however, login to an already existing account by inputting the right username and password combination into a login form.

When the login button is pressed I need to retrieve information about the user entered, so that if it matches any user I can then verify the password using password_verify().

The Problem

When the login button is clicked I run this code:

$dbconn = pg_connect("host=host dbname=dbname user=user password=pwd");
if (!$dbconn) {
    die("Error in connection: " . pg_last_error());
}

// setting the username as it would be provided by the form field
$username = 'Dan';

// maybe unrelated: why do I need to write 'username' instead of username? all of my other queries work without ''
$query = "SELECT * FROM user WHERE 'username' = $1";

$stmt = pg_prepare($dbconn, "", $query);
var_dump($stmt); // gives output "resource(3) of type (pgsql result)", got no clue on how to see what's indside

$result = pg_execute($dbconn, "", array($username));
var_dump($result); // gives output "resource(4) of type (pgsql result)"

$row = pg_fetch_assoc($result);
var_dump($row); // gives output "bool(false)", indicating that pg_fetch_assoc() failed

The main problem would be that pg_fetch_assoc() fails and returns false, however I believe this may also be caused by an incorrect query or by the way I build the statement, hence why I included everything.

Edit

Forgot to mention that I also tried formulating the query as:

$query = "SELECT * FROM user WHERE username = $1";

And in this case I get and error saying: Warning: pg_prepare(): Query failed: ERROR: column "username" does not exist LINE 1: SELECT * FROM user WHERE username = $1.

Solution

  • Thanks to Don't Panic's comment I renamed my user table to utiliser and everything worked as it should have.

    It should also be noted that this could be circumvented by using double quotes on the table name (according to this answer), however, double quotes are evil so better to just stay away.

    Here's the full table of reserved words to avoid as table/column names.