0

Well, something going wrong here. I type username and password which are exist in my DB. It should echo this string in such situations

need to activate

but it echo this

You need to reg

init.php

<?php
    //error_reporting(0);
    session_start();

    require 'dbconnect.php';//this works okay so i wouldn't post this file code
    require 'users.php';

    $errors = array();
?>

users.php

        <?php

        function user_exists($username){
            $username = mysql_real_escape_string($username);

            $query = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE 'username' = '$username'");

            if (!$query) {
                die('Could not query:' . mysql_error());
            }

            return (mysql_result($query, 0) == 1) ? true : false;

        }

        function user_active($username){

            $username = mysql_real_escape_string($username);

            $querytoo = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE 'username' = '$username' AND 'active' = 1");

            if (!$querytoo) {
                die('Could not query:' . mysql_error());
            }

            return (mysql_result($querytoo , 0) == 1) ? true : false;

        }
    ?>

login.php

<?php
include 'init.php';


if(empty($_POST) === false){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if(empty($username) === true || empty($password) === true){
        $errors[]='You need to enter a username and password';
    } 
    elseif(user_exists($username) === false){
        $errors[]='You need to reg';
    } 
    elseif(user_active($username) === false){
        $errors[]='need to activate';
    } 
    else {
    //
    }

    print_r($errors);
}



?>

part of html 

<form action="login.php" method = "post">
                    <ul id="login">
                        <li>
                            username:<br>
                            <input type="text" name="username" size="30" value=""/></li>
                        <li>password:<br>
                            <input type="password" name="password" size="30" value=""/></li>
                        <li><input type = "submit" value ="Log in"></li>
                        <li>
                            <a href="register.php"> Register</a>
                        </li>
                    </ul>

P.S. text of querys is works fine, i checked it in mysql. in php code when I type `` instead of '' here

SELECT COUNT('user_id') FROM users WHERE 'username' = '$username' AND 'active' = 1

appears

'Could not query:'

thing

and i tried elseif and else if things so i don't think that problems is there

Improve this question
1

4 Answers 4

Reset to default
6

Your SQL is wrong. You are comparing a static strings to your value, not a column name:

    SELECT COUNT('user_id') FROM users WHERE 'username' = '$username' AND 'active' = 1

should be

SELECT COUNT(user_id) FROM users WHERE username = '$username' AND active = 1

Note that I removed the ' from the column names. It is also valid to use backticks:

SELECT COUNT(`user_id`) FROM users WHERE `username` = '$username' AND `active` = 1
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

It says >Could not query:Unknown column 'user_id' in 'field list'
but column user_id is exist i checked it
could you run SHOW CREATE TABLE users?
weel, if i understood you right i typed echo mysql_query("SHOW CREATE TABLE users"); inside function user_exists and now it's says Resource id #6 Could not query:Unknown column 'user_id' in 'field list'
oh damn guys it was smth with sql i just reebot it and now it works fine
1

using ' around table/field names in a query turns them into strings, and they will not longer be treated as field/table names. That's why there's backticks, for escaping such field/table names that happen to be keywords. The ONLY time you HAVE to escape field/table names is if they're reserved words.

Which means that...

SELECT COUNT('user_id')
             ^-      ^-
FROM `users`
WHERE 'username' = '$username' AND 'active' = 1");
      ^--      ^--                 ^-     ^-

is completely wrong. You're counting a fixed string, you're comparing the provided username against a string whose value is username, and ditto for active.

Improve this answer

Comments

1

Your query to check the existence of a user is probably one of your problem :

$query = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE 'username' = '$username'");

In that query, you are using single quotes on your column name. Which results in comparing two strings, and, unless you have a user name called username, it will always return 0. Escape your columns with an ` char.

$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");

or don't use anything

$query = mysql_query("SELECT COUNT(user_id) FROM `users` WHERE username = '$username'");
Improve this answer

3 Comments

same here Could not query:Unknown column 'user_id' in 'field list'
I just used what you wrote (user_id). However, I'm glad it worked now that you rebooted.
thanks! and now is apache crushes gyazo.com/a3e65d30d251d5dd94608893c73d3c59 i think i should reinstall Denwer. again. oh.
1

Have you remembered to register the username into the session, as well as get it afterwards?

$username = $_SESSION['username'];
Improve this answer

1 Comment

Well where are the $username variable coming from?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.