PHP functions seems to have an issue - php

Something in this code doesn't work correctly, so I need your help.
I have written a function in an external file:

    function userExists($conn, $user){
        $sql = "SELECT COUNT(*) FROM user WHERE email = :email";
        $stmt = $conn->prepare($sql);
        $stmt->bindParam(':email', $user);
        $stmt->execute();
        $results = $stmt->fetch(PDO::FETCH_ASSOC);
        if(count($results) > 0):
            return true;
        else:
            return false;
        endif;
    }

And I call this function here:

    if(!empty($_POST['email']) && !empty($_POST['password'])):
        $email = $_POST['email'];
        $password = $_POST['password'];
        $records = $conn->prepare('SELECT id,username,email,password,active FROM user WHERE email = :email');
        $records->bindParam(':email', $_POST['email']);
        $records->execute();
        $results = $records->fetch(PDO::FETCH_ASSOC);
        if(userExists($conn, $email) === false){
            echo 'False';
        }else{
            echo 'True';
        }
    endif;

But the output is true every time. Maybe I can't see the wood for the trees.
Thx

Results will be greater than 0 at all times because your query is returning the value 0. So results does contain a value. Rather do this:

    $sql = "SELECT COUNT(*) AS Total FROM user WHERE email = :email";
    if ($results['Total'] > 0) {
        // ...
    }
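
The difference between the size of the fetched row and the value inside it, as an added example that is not part of the original posts. It assumes an in-memory SQLite database through PDO and one constructed `user` row; `userExistsBuggy` is a name introduced here for the question's logic.

```php
<?php
// Added example: constructed table and row, in-memory SQLite so it runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$conn->exec("INSERT INTO user (email) VALUES ('alice@example.test')");

// The question's logic: fetch() returns the single COUNT(*) row as an array,
// so count() measures the number of columns in that row, not the matches.
function userExistsBuggy(PDO $conn, string $email): bool
{
    $stmt = $conn->prepare('SELECT COUNT(*) FROM user WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return count($row) > 0;
}

// Corrected: read the value of the first column of the first row.
function userExists(PDO $conn, string $email): bool
{
    $stmt = $conn->prepare('SELECT COUNT(*) FROM user WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return (int) $stmt->fetchColumn() > 0;
}

// Compare both versions for a stored and an unknown address.
foreach (['alice@example.test', 'nobody@example.test'] as $email) {
    printf("%-22s buggy=%s fixed=%s\n", $email,
        var_export(userExistsBuggy($conn, $email), true),
        var_export(userExists($conn, $email), true));
}
```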

Related

how to rowCount for two values in one query using pdo?

I am trying to create a signup page and need to validate if username and email already exist.
If I do it in two queries, it works fine, but when I switch to one query it doesn't work properly; sometimes it doesn't validate one of the values.
I tried the following but it's not working properly, sometimes it doesn't validate for email or username:

    $uname = $_POST['username'];
    $email = $_POST['email'];
    $sql = "SELECT uid FROM users WHERE username = :username OR email = :email";
    $stmt1 = $pdo->prepare($sql);
    $stmt1->bindParam(":username", $uname, PDO::PARAM_STR);
    $stmt1->bindParam(":email", $email, PDO::PARAM_STR);
    $stmt1->execute();
    if($stmt1->rowCount() == 1){
        $rows = $stmt1->fetch();
        if($rows['username'] == 1){
            $errors['username'] = "Username already in use.";
        }else{
            $username = $uname;
        }
        if($rows['email'] == 1){
            $errors['email'] = "Email already in use.";
        }else{
            $email= $email;
        }
    }
    unset($stmt1);

rowCount method returns >= 1 records when username or email match. Try that code:

    $username = $_POST['username'];
    $email = $_POST['email'];
    $errors = array();
    $sql = "SELECT username, email FROM users WHERE username = :username OR email = :email";
    $stmt1 = $pdo->prepare($sql);
    $stmt1->bindParam(":username", $username, PDO::PARAM_STR);
    $stmt1->bindParam(":email", $email, PDO::PARAM_STR);
    $stmt1->execute();
    if($stmt1->rowCount() > 0){
        $rows = $stmt1->fetchAll();
        foreach($rows as $row) {
            if($row['username'] === $username) {
                $errors['username'] = "Username already in use.";
            }
            if($row['email'] === $email) {
                $errors['email'] = "Email already in use.";
            }
        }
        $stmt1->closeCursor();
    }

You just get count from this query

    $sql = "SELECT uid FROM users WHERE username = :username OR email = :email";

instead of

    $sql = "SELECT uid,count(uid) FROM users WHERE username = :username OR email = :email";

Hope it will help with single query
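
An added example, not code from the posts above, of the single-query check that reports which field collides, with the table's UNIQUE constraints as the backstop when two signups race. The in-memory SQLite schema, the sample rows and the helper names `signupConflicts` and `register` are assumptions made for illustration.

```php
<?php
// Added example; schema and rows are constructed, helper names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT UNIQUE)');
$pdo->exec("INSERT INTO users (username, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Returns one error per field that is already taken.
function signupConflicts(PDO $pdo, string $username, string $email): array
{
    $stmt = $pdo->prepare('SELECT username, email FROM users
                            WHERE username = :username OR email = :email');
    $stmt->execute([':username' => $username, ':email' => $email]);
    $errors = [];
    // Two rows can match (one by username, one by email), so loop over all
    // of them instead of testing rowCount() == 1.
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if ($row['username'] === $username) {
            $errors['username'] = 'Username already in use.';
        }
        if ($row['email'] === $email) {
            $errors['email'] = 'Email already in use.';
        }
    }
    return $errors;
}

function register(PDO $pdo, string $username, string $email): array
{
    $errors = signupConflicts($pdo, $username, $email);
    if ($errors) {
        return $errors;
    }
    try {
        $ins = $pdo->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
        $ins->execute([$username, $email]);
    } catch (PDOException $e) {
        // Another request can insert between the SELECT and this INSERT;
        // the UNIQUE constraints then reject the row with SQLSTATE 23000.
        if ((string) $e->getCode() !== '23000') {
            throw $e;
        }
        $errors['signup'] = 'Username or email already in use.';
    }
    return $errors;
}

// Constructed inputs: the first collides with two different rows, the second with none.
print_r(register($pdo, 'alice', 'bob@example.test'));
print_r(register($pdo, 'carol', 'carol@example.test'));
```

On MySQL with a case-insensitive collation the WHERE clause can match `Alice` for `alice`, so compare the fetched values with the same case rules the database uses.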

check if user exists statement works while email statement doesn't in pdo

There's this really weird problem I just encountered. The user check statement works while the email statement doesn't for some reason. Here is the code; also, $con is defined outside the two ifs. I don't think that's the problem because the user name check does work.

    if(!empty($username)){
        $username = $_POST['username'];
        $stmt = $con->prepare("SELECT username from users where username= :name");
        $stmt->bindParam(':name', $username);
        $stmt->execute();
        $rowcount = $stmt->rowCount($stmt);
        if($rowcount > 0){
            $errors[] = "name taken";
        }
        /* doesn't work for some reason */
        if(!empty($email)){
            if(filter_var($email, FILTER_VALIDATE_EMAIL)){
                $email = $_POST['email'];
                filter_var($email,FILTER_SANITIZE_EMAIL);
                $stmt = $con->prepare("SELECT email from users where email= :email");
                $stmt->bindParam(':email', $email);
                $stmt->execute();
                $rowcount = $stmt->rowCount($stmt);
                if($rowcount > 0){
                    $errors[] = "email is already taken";
                }
            }
        }
    }

As you can see, the username errors[] does work while the email doesn't. I even tried echoing it out, still no hope :(

You should assign $email before using it in if statement. Therefore, initialize it after $username, for example:

    if(!empty($username)){
        $username = $_POST['username'];
        $email = $_POST['email'];
        ...

$statement->num_rows returning 0

I'm trying to do a login system with email confirmation, so when the user confirms the email the value of hash in the database changes from an MD5 value to "confirmed". Then in logon.php I used:

    if (isset($_POST['submit']))
    {
        $confirmed = 'confirmed';
        $username = $_POST['username'];
        $password = $_POST['password'];
        $query = "SELECT id, username FROM users WHERE username = ? AND hash = ? AND password = SHA(?) LIMIT 1";
        $statement = $databaseConnection->prepare($query);
        $statement->bind_param('sss', $username, $password, $confirmed);
        $statement->execute();
        $statement->store_result();
        if ($statement->num_rows == 1)
        {
            $statement->bind_result($_SESSION['userid'], $_SESSION['username']);
            $statement->fetch();
            header ("Location: index.php");
        }
        else
        {
            echo "Username/password combination is incorrect.";
        }
    }

I already tried everything, but $statement->num_rows always returns 0. Can anybody help me? Please

I think you are looking for

    $statement->rowCount()

I hope that helped

Fatal error: Call to a member function rowCount() on a non-object

I'm using PDO in my login (as instructed previously over sqli), and I have tried the following, but I am still getting this Fatal Error, and cannot figure out what to give it so it satisfies the error:

    if($query->rowCount() > 0)
    {
        // session stuff
        // refresh page
    }

Then I tried this:

    if($query->rowCount() == 1)
    {
        // session stuff
        // refresh page
    }

Yet I still get this: Fatal error: Call to a member function rowCount() on a non-object
Here's what I started with before the changes:

    $count = $query->rowCount();

Lastly, here's a better snippet so you can get an idea of what's involved:

    <?php
    include("/scripts/Connections.php");
    $email = $_POST['email'];
    $username = $_POST['username'];
    $password = md5($_POST['password'], "DDerehOjhdfDDf$$##%^)-=_/.#$#dkfsj!`~efjkf(*)/)sD");
    $confPassword = md5($_POST['conPassword'], "DDerehOjhdfDDf$$##%^)-=_/.#$#dkfsj!`~efjkf(*)/)sD");
    if(isset($email, $username, $password, $confPassword)) {
        if(strstr($email, "#")) {
            if($password == $confPassword) {
                $query = $dbc->prepare("SELECT * FROM members WHERE username = ? OR email = ?");
                $query = $query->execute(array(
                    $username,
                    $email
                ));
                $count = $query->rowCount();
                if($count == 0) {
                    $query = $dbc->prepare("INSERT INTO memebers SET username = ?, email = ?, password = ?");
                    $query = $query->execute(array(
                        $username,
                        $email,
                        $password
                    ));
                    if($query) {
                        echo "Your account has been registered, you may login!";
                    }
                }
                else {
                    echo "A user already exists with that username/password.";
                }
            }
            else {
                echo "Your passwords do not match!";
            }
        }
        else {
            echo "Invalid email address!";
        }
    }
    ?>

Can anyone point out where I'm going wrong here? This is the only error that is being thrown.

You appear to be overwriting $query with the boolean return value from execute(), leaving you with a non-object value (boolean) which you're trying to call a method on.
Try something like this:

    if($password == $confPassword) {
        $query = $dbc->prepare("SELECT * FROM members WHERE username = ? OR email = ?");
        $result = $query->execute(array(
            $username,
            $email
        ));
        // check the value of $result is true here - if not,
        // your query has failed to execute and handle the error
        // appropriately.
        $count = $query->rowCount();
        // ...
    }

    $query = $dbc->prepare("SELECT * FROM members WHERE username = ? OR email = ?");
    $query->execute(array($username, $email));
    $count = $query->rowCount();
    echo "Value is " . $count;

Try this.

mySQLi Debugging Issues

I actually have this PHP code, which I use to obtain my database info:

    function searchUserEmail($username, $raw_email){
        //Prepare Statements
        $query = "SELECT * FROM users WHERE username = ?";
        $query2 = "SELECT * FROM users WHERE email = ?";
        //Sanitize Input
        $user = $this->conn->real_escape_string($username);
        $email = $this->conn->real_escape_string($raw_email);
        if($stmt = $this->conn->prepare($query)){
            $stmt->bind_param('s', $user);
            $stmt->execute();
            if($stmt->num_rows > 0){
                $stmt->close();
                return true;
            }
        }
        if($stmt = $this->conn->prepare($query2)){
            $stmt->bind_param('s', $email);
            $stmt->execute();
            if($stmt->num_rows > 0){
                $stmt->close();
                return true;
            }
        }
        return false;
    }

I've tried this a lot of times, ran it through a statement checker, still it doesn't work. Is there anything I'm missing?
Somehow it always returns false (even though it's supposed to return true).

    mysql_select_db($dataname,$conn);
