Maybe your query statement is wrong? Here is a copy of one of the functions in the library I'm using.
public function getUserNotes($suids, $CID, $page, $limit){
//$result = $this->mysqli->prepare("SELECT * FROM `Contacts` WHERE `uid` = $suids ORDER BY `Next_Contact` ASC ");
$result = $this->mysqli->query("SELECT * FROM `Notes` WHERE `UID` = $suids AND `Contact_ID` = $CID ORDER BY `Date` DESC LIMIT $page , $limit");
$rows = array();
while($row = $result->fetch_assoc()){
$rows[] = $row;
}
return $rows;
}
Notice I'm not using any ' or seperating variable from the string with " and . marks. Although for good measure I am using backticks ` to wrap around the table and reference points. Here is a copy of my login function as well. Maybe you can pull some ideas from it.
public function login($username, $password)
{
$return = array();
if($this->isBlocked($_SERVER['REMOTE_ADDR']))
{
$return['code'] = 0;
return $return;
}
else
{
if(strlen($username) == 0) { $return['code'] = 1; $this->addAttempt($_SERVER['REMOTE_ADDR']); return $return; }
elseif(strlen($username) > 30) { $return['code'] = 1; $this->addAttempt($_SERVER['REMOTE_ADDR']); return $return; }
elseif(strlen($username) < 3) { $return['code'] = 1; $this->addAttempt($_SERVER['REMOTE_ADDR']); return $return; }
elseif(strlen($password) == 0) { $return['code'] = 1; $this->addAttempt($_SERVER['REMOTE_ADDR']); return $return; }
elseif(strlen($password) != 40) { $return['code'] = 1; $this->addAttempt($_SERVER['REMOTE_ADDR']); return $return; }
else
{
$plainpass = $password;
$password = $this->getHash($password);
if($userdata = $this->getUserData($username))
{
if($password === $userdata['password'])
{
if($userdata['isactive'] == 1)
{
$sessiondata = $this->addNewSession($userdata['uid']);
$return['code'] = 4;
$return['session_hash'] = $sessiondata['hash'];
$this->addNewLog($userdata['uid'], "LOGIN_SUCCESS", "User logged in. Session hash : " . $sessiondata['hash']);
return $return;
}
else
{
$this->addAttempt($_SERVER['REMOTE_ADDR']);
$this->addNewLog($userdata['uid'], "LOGIN_FAIL_NONACTIVE", "Account inactive");
$return['code'] = 3;
return $return;
}
}
else
{
$this->addAttempt($_SERVER['REMOTE_ADDR']);
$this->addNewLog($userdata['uid'], "LOGIN_FAIL_PASSWORD", "Password incorrect : {$plainpass}");
$return['code'] = 2;
return $return;
}
}
else
{
$this->addAttempt($_SERVER['REMOTE_ADDR']);
$this->addNewLog("", "LOGIN_FAIL_USERNAME", "Attempted login with the username : {$username} -> Username doesn't exist in DB");
$return['code'] = 2;
return $return;
}
}
}
}