I am new to php.
I am doing login for user, then I would like to compare the username and password of the person when he/she login to every rows in my database table.
For this case, assume user= michael, pssword =1234
I got this:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "select * from mobileuser" ;
$query = mysqli_query ($conn, $mobile_user);
while($results = mysqli_fetch_array ($query)){
$user_name = $results['mobile_user_name'];
$pass = $results['mobile_user_pass'];
}
However, this only compare to the last row of data in my database table.
For example, if username=michael n password=1234 is located in the last row of my database table, then login success, if it does not located at the last row, login failed.
Anyone can help?
You should modify your code as:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "SELECT * FROM mobileuser WHERE mobile_user_name='$username' AND mobile_user_pass='$password' LIMIT 0,1";
$query = mysqli_query ($conn, $mobile_user);
$result = mysqli_fetch_array ($query);
$user_name = $result['mobile_user_name'];
$pass = $result['mobile_user_pass'];
This should work like a charm. However a better version of this would be:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "SELECT count(*) as count FROM mobileuser WHERE mobile_user_name='$username' AND mobile_user_pass='$password'";
$query = mysqli_query ($conn, $mobile_user);
$result = mysqli_fetch_array ($query);
if($result['count'] > 0){
echo "Match Found.";
}
If you want to check if a user's credential are valid, you should count the number of rows where they match ; if this is less than one, the credentials provided are invalid. SQL query :
SELECT COUNT(*) AS number, mobile_user_name, mobile_user_pass FROM mobileuser WHERE mobile_user_name = 'someusername' AND mobile_user_pass = 'somepass'
Note that you should prevent your code from SQL injections, and you may want to store hashed passwords in your database to avoid stocking them in cleartext.
give this a go:
require_once ('con.php');
$q = "SELECT `password` FROM `tbl_where_user_is` WHERE `tbl_row_username` = '$username'";
$r = mysqli_query($db_connnect, $q);
$row = mysqli_fetch_array($r);
$r = mysqli_query ($db_connnect, $q);
if(mysqli_num_rows($r)==1)
{
echo $username;
}else{
echo "user not found";
}
Related
The problem I encountered has to do with the query using session variables.
during the user login i assigned a session variable as such
$myemail = $_POST['email'];
$mypassword = $_POST['password'];
$sql = "SELECT * FROM users WHERE email = '$myemail'";
$result = pg_query($db,$sql);
$row = pg_fetch_assoc($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if(count($result) == 1) {
$_SESSION['user_id'] = $row['id'];
}
The highlight is $_SESSION['user_id'] = $row['id']
Next once the user logs in i want to find the info of the user in my database, so I searched for the user as such
$userid = $_SESSION['user_id'];
$result = pg_query($db, "SELECT * FROM users WHERE id = '$userid'") or die("error on query");
$user_info = pg_fetch_assoc($result);
But I keep on getting error on query showing that the query is failing. I have no idea why this is happening.
if user id is int in your db you don't need the single ticks(''). This will cause query failure as well. You could try something like this ".$userid."
$result = pg_query($db, "SELECT * FROM users WHERE id = ".$userid."") or die("error on query");
but count($result) won't give you row count. Try using
if(pg_num_rows($result) == 1){
$session['user_id']= $row['id'];
}else{
echo pg_num_rows($result);
}
Underneath $_SESSION['user_id'] = $row['id']; in the same if statement, echo the id to see what response you get
echo $_SESSION['user_id'];
Im new to programming and I'm trying to create a login form using php/mysql and I have faced some problems. I cannot understand why my sql code cannot being executed, Im using localhost. Could you guys help me?
Thanks
Here is the code that i wrote
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "login";
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username'".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res) == 1){
echo "You have successfully logged in.";
exit();
}else{
echo "Invalid password information.";
exit();
}
}
?>
I think you forgot =
$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
Simple Typo:
Change:
$sql = "SELECT * FROM users WHERE username'".$username."' AND password='".$password."' LIMIT 1";
To:
$sql = "SELECT * FROM users WHERE username = '".$username."' AND password='".$password."' LIMIT 1";
Another thing, you don't need to fetch all fields from database table if you don't need them.
This slows down speed of page load.
You can fetch only id field.
You are fetching number of rows, so, your query should be:
SELECT id FROM users WHERE username ...
I want to count the rows in the users table with specific name and pwd which should be 1 if existed.
but the result always return null(not 0),no matter whether the user existed or not.
I even change the query simple to "SELECT * FROM users", and it ended with the same result.
And I am pretty sure that the name of the DATABASE and TABLE are true,and the table is not empty!
By the way,why I have to use "#" symbol before "mysqli_query" in order to get rid of error?
thx!
enter code here
<?php
#$mysql_db_hostname = "localhost";
$mysql_db_hostname = "127.0.0.1";
$mysql_db_user = "root";
$mysql_db_password = "";
$mysql_db_database = "smartFSUsers";
$con = mysqli_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password,$mysql_db_database);
if (!$con) {
trigger_error('Could not connect to MySQL: ' . mysqli_connect_error());
}
$name = $_GET["name"];
$password = $_GET["password"];
$query = "SELECT * FROM users WHERE name='$name' AND password='$password'";
$result =#mysqli_query($query,$con);
echo($result);
$row=#mysqli_num_rows($result);
echo"the row num is $row \n";
?>
RTM: http://php.net/mysqli_query
$result =#mysqli_query($query,$con);
You've got your parameters reversed. $con MUST come first:
$result = mysqli_query($con, $query) or die(mysqli_error());
If you had bothered adding error correction to your code, you'd have been told about this. But nope, you opted for # to hide all those error messages.
My function should return number of rows with email like '$email'. But whey return 0 all the time, although in database i have rows with email like I insert in variable '$email'. What could be the reason?
function checkMail($email){
$email = mysql_real_escape_string($email);
$sql = "SELECT COUNT(*) FROM users WHERE email='$email'";
return mysql_query($sql);
}
You aren't returning a result, you're returning a query resource:
function checkMail($email){
$email = mysql_real_escape_string($email);
$sql = "SELECT COUNT(*) as emailCount FROM users WHERE email='$email'";
$query = mysql_query($sql) or die(mysql_error()); // show error if one happens
return mysql_fetch_assoc($query);
}
This will return an associative array containing your results (if it succeeds), and you should be able to access your count by:
$res = checkMail('your#email.com');
$count = $res['emailCount'];
Side note:
mysql functions are deprecated, you should use mysqli or PDO syntax:
https://stackoverflow.com/a/13944958/2812842
function checkMail($email){
$email = mysql_real_escape_string($email);
$sql = "SELECT COUNT(*) FROM users WHERE email='$email'";
$resource=mysql_query($sql);
$row=mysql_fetch_array($resource);
return $row[0];
}
To fetch the count use:
mysql_query($sql)
$row = mysql_fetch_assoc($result);
return($row[0]);
The funny thing is that mysql_query return 0, which indicates query fail. Check the corresponding error message with:
echo mysql_error();
I'm trying to create a duplicate check with PHP and MySQL and have now tried many different varieties. Nevertheless, my code does not show if the user name already exist. As far as I know this should be the right (of many) formula for a functional duplicate check?
$username = "heihei";
$checkquery = mysqli_query($con,"SELECT * FROM users
WHERE username='$username'") or die(mysqli_error());
if (mysqli_num_rows($checkquery)) {
echo ">0" ;
}else {
echo "0" ;
}
User table looks like this:
ID USERNAME
1 heihei
2 neinei
When defining $username as heihei, result is 0.
Result is the same if I define $username as something.
It will show that the user don't exists already.
What is the problem here?
Do this:
Replace
if (mysqli_num_rows($checkquery)) {
with:
if (mysqli_num_rows($checkquery) > 0) {
and replace echo ">0" ; with echo "Exists"; - that's what I use with success.
Try this also:
$results = "SELECT username FROM users WHERE username = '$username'";
$checkquery = mysqli_query($con,$results) or die(mysqli_error());
if (mysqli_num_rows($checkquery) > 0) {
The way I do it in my script, is this:
$mysqli = new mysqli("xxx","xxx", "xxx", "xxx");
$username = mysqli_real_escape_string($mysqli,$_POST['username']);
$username = $_POST['username'];
$sql = "SELECT username FROM users WHERE username = '$username'";
$results = mysqli_query($mysqli,$sql) or die(mysqli_error());
if (mysqli_num_rows($results) > 0)
{
die("Sorry, that username is already taken.");
}
Also you can use another query:
SELECT COUNT(*) FROM users WHERE `username` = '$username'
And see the results
if(mysqli_num_rows(mysqli_query($checkquery))== 0){
echo "no duplicates";
}