How to insert a failed logins' intent

Question

I am trying to keep a register of how many times users fail when they try to get login in my blog, I am using prepared statements for every query and I don't know why but I have the next error when I try to save the failed login intent: Call to a member function bind_param() on boolean in C:\xampp\htdocs\Blog\users\login.php on line 70

Here is the code where the problem is...

// code when the login is correct...
                } else {
                    // incorrect password.
                    // so we save this failed intent
//we make a query to get the actual user's intent
                    $num_attempts = $conexion->prepare("SELECT session_attemps FROM usuarios WHERE id = ? LIMIT 1");
                    $num_attempts->bind_param('i', $user_id);
                    $num_attempts->execute();
                    $num_attempts->bind_result($attempts);
                    $num_attempts->fetch();

                    $attempt= $attempts+1;
//and then we insert that value plus one (the actual failed intent)
                    $add_attempt=$conexion->prepare("INSERT INTO usuarios(session_attemps) VALUES (?) WHERE id = $user_id");
                    $add_attempt->bind_param('i', $attempt);

               $login_error_message="login data is incorrect";
               echo json_encode(array('success' => false, 'text' => $login_error_message));    
               return false;
                }

Line 70 corresponds to: $add_attempt->bind_param('i', $user_id);

but when I test the query (with normal or default values) by mysql console it says that the error is near WHERE id=...

ok I could solved the problem thanks to this explanation: The problem you are facing, "Commands out of sync", is caused by unused result sets left over by your procedure. When you call your first procedure, the result sets are buffered until you use them. However, you only use one set, and you didn't even free it before moving on to the second query. You need to free the buffered result sets before moving on: It is best to create a function, or a method, to do this. No need to repeat the code over and over. at the end I just had to free the previous procedure with $variable->close() — kukiko11, Apr 23 '16 at 02:10

azahar · Answer 1 · 2016-04-22T19:55:22.340

0

Well, it's giving you a sintax error. Try a different approach, for example:

update usuarios set session_attempts = ? where id = $user_id;

Instead of INSERT INTO usuarios(session_attemps) VALUES (?) WHERE id = $user_id

edited Apr 22 '16 at 19:55

answered Apr 22 '16 at 19:48

azahar

48
7

sure I tried this but it didn't work – kukiko11 Apr 22 '16 at 22:39

score 0 · Answer 2 · answered Apr 22 '16 at 19:52

0

prepare() returns false when it encounters an error with the query. Are you sure you weren't you weren't trying to write session_attempts?

answered Apr 22 '16 at 19:52

Henry A.

391
2
17

actually yes, I'm trying to write in that field but really I don't find what's my mistake, I mean the field and table names are ok, actually the variables I tested them and they are also ok... it's rare... you got the point, it's something with the query but I just can't find what's wrong... anyway I'm gonna keep trying – kukiko11 Apr 22 '16 at 22:45

How to insert a failed logins' intent

2 Answers2