this is my table
| Field | Type | Null | Key | Default | Extra |
|---|---|---|---|---|---|
| id_key | int(11) | NO | PRI | NULL | auto_increment |
| tbl_users_username | varchar(255) | YES | UNI | NULL | |
| tbl_users_password | varchar(32) | YES | | NULL | |
| tbl_users_identifier | varchar(32) | YES | | NULL | |
| tbl_users_token | varchar(32) | YES | | NULL | |
| tbl_users_access_type | int(1) | YES | | NULL | |
| tbl_users_timeout | int(10) | YES | | NULL | |
this is my code
$query = "SELECT * FROM tbl_users where tbl_users_username = '$_POST[email_address]'" ;
$result = mysql_query($query);
if($result)
{
echo "TRUE";
}
else
{
echo "FALSE";
}
There are no problems connecting to the database. The problem arises when I run the query. No matter if the email is in the table or not it returns a $result. What am I missing here? It is supposed to echo true if email address exists in table, false if it is not in table.
The result will be returned nevertheless (if you made a valid query); use mysql_num_rows to check if the mail exists instead.
Actually use PDO if you can
I suggest that you print out your query to ascertain that it is 100% the query you expect it to be.
In addition to that, you are checking:
$result = mysql_query($query);
if($result)
This checks if a resource was returned from your query. If your query is valid then, as per the documentation, you should always have a resource.
Suggested code:
$result = mysql_query($query);
if($result)
{
    $num = mysql_num_rows($result);
    if ($num > 0)
    {
        //do logic processing here...
        echo "TRUE";
    }
}
else
{
    die('Invalid query: ' . mysql_error());
}
Code Explanation:
- Fetch the resource from the query.
- If a valid resource was returned, continue and check the number of records that were fetched from this query.
- If the resource was not returned, the else part echoes out a failure message.
I would strongly suggest that you look into using PDO library.
Briefly, the advantages of PDO:
- Allows you to use prepared statements with ease (prepared statements are great for security!!!)
- PDO can connect to various different databases, including MySQL, but others as well.
- It's quite easy to use in my opinion and it's quite easy to pick up for newcomers etc.
Stack overflow usage tips:
Always use the search in the top right hand corner. Numerous people have come across problems that could help you.
Always have a look at the How to Ask Question FAQ
Feedback & always ask further questions if required!
$_POST[email_address] should use single or double quotes, I guess:
$_POST["email_address"] or $_POST['email_address']
// escape the posted value before it is concatenated into the SQL string
$query = "SELECT * FROM tbl_users where tbl_users_username = '" . mysql_real_escape_string($_POST['email_address']) . "'";
However, as #FabioCosta says, you have to fetch the result or count the number of returned rows to achieve what you are aiming at:
$query = "SELECT 1 FROM tbl_users where tbl_users_username = '" . mysql_real_escape_string($_POST['email_address']) . "'";
$result = mysql_query($query);
if (mysql_num_rows($result) === 1) {
    echo "TRUE";
} else {
    echo "FALSE";
}
If you use PHP's mysql_num_rows function, you should be able to return the number of rows, and your logic will work. So, try the following:
$num = mysql_num_rows($result);
if ($num > 0) {
echo "TRUE";
}else{
echo "FALSE";
}
$query = "SELECT *
FROM tbl_users
WHERE tbl_users_username = '" . mysql_real_escape_string($_POST['email_address']) . "'";
$result = mysql_query($query) or die(mysql_error());
// $result is a resource even when no row matches, so test the row count
if (mysql_num_rows($result) > 0)
{
    echo "TRUE";
}
else
{
    echo "FALSE";
}
This should fix any problems you're running into, or at least give you a handy error message to work off of.
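The answers above recommend PDO and counting rows, but none shows the two together. As an added example (not code from the original posts), here is the existence check as a PDO prepared statement. It assumes an in-memory SQLite database in place of MySQL so it runs offline; `emailExists()` and the sample addresses are made up for illustration.

```php
<?php
// Added example. Assumption: an in-memory SQLite database stands in for
// MySQL so the script runs offline; the table data below is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_users (
    id_key INTEGER PRIMARY KEY AUTOINCREMENT,
    tbl_users_username VARCHAR(255) UNIQUE
)');
$pdo->exec("INSERT INTO tbl_users (tbl_users_username) VALUES ('alice@example.com')");

// Hypothetical helper: true only when a row with this username exists.
function emailExists(PDO $pdo, string $email): bool
{
    // The value travels separately from the SQL text, so quotes in it
    // cannot change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT 1 FROM tbl_users WHERE tbl_users_username = :email LIMIT 1'
    );
    $stmt->execute([':email' => $email]);
    // fetchColumn() returns false when the result set is empty. A valid
    // query with zero rows still succeeds, which is why testing only the
    // result handle printed TRUE for every input.
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs. The last one is the kind of value that would turn a
// string-concatenated WHERE clause into one that matches every row.
$inputs = ['alice@example.com', 'bob@example.com', "x' OR '1'='1"];
foreach ($inputs as $email) {
    echo str_pad($email, 20), ' => ',
        emailExists($pdo, $email) ? 'TRUE' : 'FALSE', PHP_EOL;
}
```

In a request handler the argument would be `$_POST['email_address'] ?? ''`; only the DSN changes when pointing this at MySQL.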
The following query will select the tbl_users_username value based on the posted email_address value. So, use this query:
// escape the posted value before it is concatenated into the SQL string
$query =
"SELECT * FROM tbl_users where tbl_users_username = '" . mysql_real_escape_string($_POST['email_address']) . "';";
Related
What I want is for PHP to check if the client IP address is the same as the one in the DB if it already exists, and if not, to insert new data.
Well, it works if the client isn't already inserted in the database, but if he already exists PHP is skipping the update and trying to insert it again in the database...
I don't know what's wrong with it and couldn't figure it out.
Here is my code:
<?php
$corruser = $_SESSION['user_name'];
$client_ip = $_SERVER['REMOTE_ADDR'];
require_once 'connections/dbc.php';
if (!$conn) {
    echo "Error connecting the database";
    exit();
} else{
    $GUI = "SELECT * FROM `customers` WHERE user_name='$corruser'";
    $GUI_response = mysqli_query($conn, $GUI);
    if (!$row = mysqli_fetch_assoc($GUI_response)) {
        echo "Error while query the database";
        exit();
    } else{
        $customer_id = $row['customer_id'];
        $check = "SELECT * FROM `users-ipdb` WHERE customer_id='$customer_id' AND user_name='$user_name' ";
        $check_response = mysqli_query($conn,$check);
        $check_result = mysqli_fetch_array($check_response, MYSQLI_NUM);
        if ($check_result[0] > 1) {
            $update_ip = "UPDATE `users-ipdb` SET `client_ip`='$client_ip' WHERE customer_id='$customer_id' AND user_name='$corruser' ";
            $update_ip_result = mysqli_query($conn, $update_ip);
            if (!$update_ip_result) {
                echo "ERROR UPDATING DATA BASE";
                exit();
            }
        } else{
            $insert_new = "INSERT INTO `users-ipdb`(`customer_id`, `user_name`,`client_ip`) VALUES ('$customer_id','$corruser','$client_ip')";
            $insert_new_result= mysqli_query($conn, $insert_new);
            if (!$insert_new_result) {
                echo "Error inserting new data in the database";
                exit();
            }
        }
    }
}
?>
I think you made an error with this code :
$check = "SELECT * FROM `users-ipdb` WHERE customer_id='$customer_id' AND user_name='$user_name' ";
$user_name variable doesn't exist, you should replace it with $corruser
That's why the code never goes into the UPDATE
First, make sure that your condition does work as expected. If customer_id is not a number the following line:
if ($check_result[0] > 1) {
can possibly be evaluated as if(0 > 1). Have a read of this:
Comparing String to Integer gives strange results.
The other comments mention "UPSERTS" which are explained here https://mariadb.com/kb/en/library/insert-on-duplicate-key-update/
The basic idea is that you can do
INSERT INTO `users-ipdb`(`customer_id`, `user_name`,`client_ip`)
VALUES ('$customer_id','$corruser','$client_ip')
ON DUPLICATE KEY UPDATE client_ip='$client_ip';
and you get rid of all the PHP logic. For this to work properly, customer_id and user_name must both be part of the PRIMARY KEY.
If you need to query multiple tables, you can use joins - if you use ON DUPLICATE KEY UPDATE you don't need them, but still a good thing to know - https://mariadb.com/kb/en/library/join-syntax/
Last, but not least - it is a good habit to escape any value which may come from other sources. Maybe it is not your case, but some people tend to create usernames like Joe';DROP TABLE mysql.user;SELECT ' and it will destroy your database, because your query will become
SELECT * FROM `users-ipdb` WHERE customer_id='$customer_id' AND user_name='Joe';DROP TABLE mysql.user;SELECT ''
So be careful.
Something is wrong with my php,
I'm doing an account validation where if the data exists it will display "There is data" and else "No data"...
When I enter the first 'row' reference_id and submit, it shows "There is data", which is correct, but when I enter the second to the last 'row' reference_id it shows "No data" even though it exists in my database!
Database:
reference_id (varchar 250)
status (varchar 250)
PHP
if (isset($_POST['submit_valid'])) {
if (!empty($_POST['reference_id']))
{
$query = mysqli_query($con, "SELECT * FROM client_record");
$result = mysqli_fetch_array($query);
if ($result['reference_id'] == $_POST['reference_id'])
{
echo"<script type='text/javascript'> alert('There is data'); window.location.href='next_page.php'; </script>";
}
if ($result['reference_id'] !== $_POST['reference_id']) {
echo"<script type='text/javascript'> alert('No data.'); window.location.href='this_page.php'; </script>";
}
}
}
I am not sure if it's the mysqli_fetch_array fault or if the if-else condition is wrong?
If you guys know the problem, please help me.
Your query execution currently only looks at the first row. A fetch needs to be looped to iterate over all rows. e.g.
$query = mysqli_query($con, "SELECT * FROM client_record");
$result = mysqli_fetch_array($query);
should be
$query = mysqli_query($con, "SELECT * FROM client_record");
while($result = mysqli_fetch_array($query)) {
    // compare $result['reference_id'] with the submitted value here
}
but this is inefficient. When looking for a specific record use a where clause. Parameterized queries also will prevent SQL injections, and quoting issues. The i in the bind_param is for an integer, if your id is a string use s.
$prepared = mysqli_prepare($con, "SELECT * FROM client_record where reference_id = ?");
mysqli_stmt_bind_param($prepared, 'i', $_POST['reference_id']);
mysqli_stmt_execute($prepared);
mysqli_stmt_store_result($prepared);
while (mysqli_stmt_fetch($prepared)) {
    // a row with this reference_id exists
}
$query = mysqli_query($con, "SELECT * FROM client_record");
$result = mysqli_fetch_array($query);
This will give you the first row from the table.
Add a WHERE reference_id = :refid clause?!
Then bind the refid parameter, so as to avoid SQL injection.
Lapiz, the problem is actually with the comparison operator:
($result['reference_id'] == $_POST['reference_id'])
This will check the first reference_id from the returned set in array.
The best way to tackle this would be to use if (in_array(5, $result)) where 5 is the needle and $result is the array haystack.
Because all you are doing is checking if the reference exists in the returned data set.
This is also good design practice: collect results and avoid multiple reference queries each time, hit the database once and query the result set.
If it's a multidimensional array, loop through the set:
foreach($result as $resultItem)
{
if(in_array("reference_id", $resultItem, true))
{
echo "There is Data";
}
}
Good luck.
I've found several tutorials which have similar code like the following:
$sql = "select * from users";
$result = $conn1->Execute($sql);
if ($result==false) {
print 'error' . $conn1->ErrorMsg() . '<br>';
} else {
print_r($result->GetRows());
}
But how can $result ever be false? If I add a where clause which can not be fulfilled the else-branch is still taken since $result contains the column titles. Examples:
"select * from users"; // Select the whole table data
echo "$result";
leads to
id,username,password 1,peter,geheim 2,sabine,secret 3,thorsten,qwertz
Whereas
"select * from users where username = 'does not exist'";
echo "$result";
leads to
id,username,password
Therefore result is never false. What is my mistake here?
The Execute method returns false if the query itself fails, and not if it has 0 results.
If you want to check if the query returned any results you can use the RecordCount method.
$rows = $conn1->Execute($sql);
if ($rows->RecordCount() > 0) {
// Do something with your rows
} else {
// Nothing returned
}
I'm having a user enter a desired name, then check the database to see if it exists before I make it. It's not working properly though, sometimes it echos the right thing, sometimes not.
$makeName = $_POST["userName"];
$nameFind = "SELECT userName FROM usertable WHERE userName = $makeName";
$nameCompare = mysqli_query($con, $nameFind);
if($nameCompare == false)
{
echo "This is a new name";
}
else
{
echo "Pick a new name please";
}
The query doesn't fail just because it returns no rows. Use mysqli_num_rows() to find out if there was a match or not.
Also xkcd
Don't do it that way.
Instead,
1. Create a unique constraint on the column "username".
2. Insert the user's desired name.
3. Trap the error when the desired name already exists.
Why? Your approach always requires two round-trips to the database, and it doesn't account for errors. And you have to trap errors anyway; there are lots of things that can go wrong with an insert statement.
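The three steps in the answer above, as an added example that is not part of the original answer: a unique constraint, a direct insert, and a trapped duplicate error. It assumes in-memory SQLite via PDO in place of MySQL so it runs offline; `registerName()` and the sample names are hypothetical.

```php
<?php
// Added example. Assumptions: in-memory SQLite replaces MySQL so this runs
// offline; registerName() is a hypothetical helper; names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Step 1: the database, not the PHP code, enforces uniqueness.
$pdo->exec('CREATE TABLE usertable (userName VARCHAR(64) NOT NULL UNIQUE)');

function registerName(PDO $pdo, string $name): bool
{
    try {
        // Step 2: insert directly, with the value bound as a parameter.
        $stmt = $pdo->prepare('INSERT INTO usertable (userName) VALUES (?)');
        $stmt->execute([$name]);
        return true;
    } catch (PDOException $e) {
        // Step 3: SQLSTATE class 23 is an integrity constraint violation,
        // which here means the name is taken. Anything else is a real
        // failure and must not be reported as "name in use".
        if (strpos((string) $e->getCode(), '23') === 0) {
            return false;
        }
        throw $e;
    }
}

// The second 'peter' hits the unique constraint instead of a prior SELECT.
foreach (['peter', 'sabine', 'peter'] as $name) {
    echo $name, ': ',
        registerName($pdo, $name) ? 'This is a new name' : 'Pick a new name please',
        PHP_EOL;
}
```

Because the constraint is checked inside the insert itself, two simultaneous requests for the same name cannot both succeed, which a separate SELECT followed by an INSERT does not guarantee.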
Use quotes and escaping:
$query = "select userName FROM usertable WHERE userName = '" . mysqli_real_escape_string($con, $makeName) . "'";
And then use mysqli_num_rows()
$result = mysqli_query($con, $query); $num_rows = mysqli_num_rows($result);
if(mysqli_num_rows($nameCompare))
{
echo "Pick a new name please";
}
else
{
echo "This is a new name";
}
this will check the result, if there is a row, it's already used.
You need two queries for that anyways
$username = mysqli_real_escape_string($con, $username);
$query = "SELECT * FROM tbl_login WHERE username='$username'";
// mysqli_error() needs the connection handle
$result = mysqli_query($con, $query) or die(mysqli_error($con));
$num_row = mysqli_num_rows($result);
$row = mysqli_fetch_array($result);
if ($num_row == 1) {
    echo 'false';
}
else {
    $query_insert = "INSERT INTO login (username, password)VALUES ('$username','$password');";
    $result = mysqli_query($con, $query_insert) or die(mysqli_error($con));
}
I think this should work but it is not...
Basically I am trying to check the MySQL DB to see if there is a record that meets the 2 variables. If no, do one thing; if yes, do another thing. The result is always no at this point.
$result = mysql_query("SELECT 'lastname' FROM 'Cust_Releases' WHERE 'lastname' = '$usercheck' AND 'TripID'= '$RLtripid'");
echo $result;
if(mysql_num_rows($result) == 0) {
echo"no";// row not found, do stuff...
}
else {
echo"yes"; // do other stuff...
}
First of all, stop using mysql_* functions because this extension is deprecated as of PHP 5.5.0.
Second, always use the (`) symbol around database names, table names and column names.
You have used a reserved word, RELEASE.
$sql = "SELECT `lastname` FROM `Releases` WHERE `lastname` = '$usercheck' AND `TripID` = '$RLtripid'";
Reserved words you find here
$result = mysql_query("SELECT lastname FROM `Releases` WHERE lastname = '$usercheck' AND TripID= '$RLtripid' LIMIT 1");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
echo $result;
if(mysql_num_rows($result) == 0) {
echo"no";// row not found, do stuff...
}
else {
echo"yes"; // do other stuff...
}
Escaping 'Releases', as Bondye suggested
Adding 'LIMIT 1' to your query to allow the possibility of an early-out when there is more than one matching record. You don't appear to need the total count. May not make any difference if unique constraints exist which guarantee that only one row can be returned
mysql_query is deprecated. In real code you should be using PDO and prepared statements / bind variables!
Debugging is a very important thing in programming. First, do make sure that the variables $usercheck and $RLtripid contain values.
-----------------------
$sql = "SELECT `lastname` FROM `Cust_Releases` WHERE `lastname` = '$usercheck' AND `TripID`= '$RLtripid'";
echo $sql;
$result = mysql_query($sql);
....-------------------
Try this code. It will help you
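$result = mysql_query("SELECT COUNT(*) FROM Cust_Releases WHERE lastname = '$usercheck' AND TripID = '$RLtripid'");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
// COUNT(*) always returns exactly one row, so read its value
// instead of comparing the result resource itself to 0
$count = (int) mysql_result($result, 0);
if ($count == 0) {
    echo "no"; // row not found, do stuff...
}
else {
    echo "yes"; // do other stuff...
}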