1

The database information is correct and working, I've tested this several times. The database exists along with the table I am trying to pull data out of. I have dummy information in the database. Here is my code to check if the user is in the database 'network', table 'users':

<?php 
require 'core/init.php';

if (empty($_POST) === false){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if (empty($username) === true || empty($password) === true) {
        $errors[] = 'You need to enter a username and password.';
    } else if (user_exists($username) === false) {
        $errors[] = 'Username does not exists. Have you registered?';
    } else if (user_active($username) === false) {
        $errors[] = 'Your account is not activated. Please check your email!';
    } else {

    }

    print_r($errors);
}
?>

Here is the code for the functions 'user_exists($username)'

<?php


function user_exists($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'username' = '".$username."'"), 0) === 1) ? true : false;
}

function user_active($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'username' = '".$username."' AND 'active' = 1"), 0) === 1) ? true : false;
}
?>

sanitize function:

<?php
function sanitize($data) {
    return mysqli_real_escape_string($data);
}
?>

Here is my issue:

When I log in with the dummy information - Username; Password (md5 hashed via phpmyadmin) it displays the error:

'Username does not exists. Have you registered?'

I have tried using a different database, a different user.. nothing works.. Help!

8
  • Replace the single quotes from column name and table name with back tick `. Also take a look at this link: dev.mysql.com/doc/refman/5.5/en/reserved-words.html Commented Dec 6, 2013 at 21:01
  • @vinodadhikary didn't make a difference. Commented Dec 6, 2013 at 21:05
  • Combine the two answers below :) Edit: Somebody removed the second one. Commented Dec 6, 2013 at 21:05
  • @Aragon0 I did, I still get user does not exist. Commented Dec 6, 2013 at 21:07
  • Give us the MySQL error: "echo mysql_error();" after the user_exists call. Commented Dec 6, 2013 at 21:11

3 Answers

1

Use back ticks for column and table names, not quotes.

"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'")

return (mysql_result(mysql_query("SELECT COUNT('user_id') 
FROM 'users' WHERE 'username' = '".$username."'"), 0) === 1) ? true : false;
}

mysql_result returns either a cell or false, so the condition === 1 above is never reached.

Docs

Returns the contents of one cell from a MySQL result set on success, or FALSE on failure.

return (mysql_result(mysql_query("SELECT COUNT(`user_id`)
FROM `users` WHERE `username` = '".$username."'"), 0) == false) ? false: true;
}

Also you are connecting with mysql and using mysqli_real_escape_string in the sanitize function. Don't mix them.

5 Comments

That didn't make a difference. I still get user does not exists.
This coding practice promotes sql injection.
@JustinE this isn't a live project, this is a learning project.
@JustinE No it doesn't. He sanitizes the output.
Got it, thanks. It was the sanitation mysqli_* that was causing the problem, I changed it to mysql_. I tried turning mysql_ to mysqli_*, but mysqli_result doesn't seem to like this line: return (mysqli_result(mysqli_query("SELECT COUNT(user_id) FROM users WHERE username = '".$username."'"), 0) == 1) ? true : false; -- it shows mysqli_result as an invalid command. I'll work it out. Thanks!
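
The mysqli conversion attempted in the last comment above, as an added example that is not part of the original thread. mysqli has no counterpart to the mysql_result() function, so the count is read through a prepared statement instead, which also removes the need for sanitize(). The connection credentials and the count_users() helper are assumptions; the `network` database and `users` columns are the ones named in the question.

```php
<?php
// Added example, not code from the thread. Credentials are placeholders.

// Throw exceptions on SQL errors instead of returning false, so a broken
// query (such as quoted identifiers) fails loudly rather than looking
// like "user not found".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$db = new mysqli('localhost', 'db_user', 'db_password', 'network');
$db->set_charset('utf8mb4');

// Hypothetical helper: count rows for a username, optionally active only.
function count_users(mysqli $db, string $username, bool $activeOnly = false): int {
    $sql = 'SELECT COUNT(`user_id`) FROM `users` WHERE `username` = ?';
    if ($activeOnly) {
        $sql .= ' AND `active` = 1';
    }

    $stmt = $db->prepare($sql);
    $stmt->bind_param('s', $username); // value is sent separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    // Cast explicitly so the strict comparisons below never compare
    // a string with an integer.
    return (int) $count;
}

function user_exists(mysqli $db, string $username): bool {
    return count_users($db, $username) === 1;
}

function user_active(mysqli $db, string $username): bool {
    return count_users($db, $username, true) === 1;
}

// Usage mirroring the login script in the question.
$errors = [];
$username = $_POST['username'] ?? '';
if ($username === '') {
    $errors[] = 'You need to enter a username and password.';
} elseif (!user_exists($db, $username)) {
    $errors[] = 'Username does not exists. Have you registered?';
} elseif (!user_active($db, $username)) {
    $errors[] = 'Your account is not activated. Please check your email!';
}
```
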
0
function user_exists($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'"), 0) == 1) ? true : false;
}

function user_active($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."' AND `active` = 1"), 0) == 1) ? true : false;
}

What was done:

  1. Replaced '' for column names with `

  2. Used == instead of ===

Comments

0

PDO:

function user_exists($username) {
    // Connection values are placeholders.
    $db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password', array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
    // Bind the username as a parameter instead of concatenating it into the SQL.
    $stmt = $db->prepare("SELECT `user_id` FROM `users` WHERE `username` = ?");
    $stmt->execute(array($username));
    // rowCount() returns an integer, so compare against 1 rather than "1".
    $row_count = $stmt->rowCount();
    return $row_count === 1;
}

2 Comments

That's wrong! If you count the rows with the MySQL COUNT() expression, it will return one row with the number of rows. Your code would always return true. You need to fetch the first line and then check the first column of that.
I have updated my answer. It now locates the user that matches the username, and counts the amount of rows that were returned.
