2

I am building just a very simple login service in PHP, the database query is returning false every single time. I have added email addresses into the users table in my database using phpmyadmin, but when I enter one of the email addresses into the field and push submit, the query goes to the database and comes back false every time.

here is the code:

//queries the database and checks if the email address exists
$result = mysqli_query($connection, "SELECT * FROM 'users' WHERE 'Email'='$email'");
if ($result == FALSE){
die("The account for <i>$email</i> doesn't not exist!");
}

I know that the email variable from the form is correct because it gets printed out as an error. I also know that the email address in the database matches it exactly. The query however only returns false.

Thank you for your help.

Improve this question
3
  • 3
    It's because you're comparing a string, 'Email', to another string (the email address), and they do not match. Remove the ' around Email, or use backticks instead (top, left of the keyboard, next to the 1 key). The backticks are only required, though, if you have a column with a reserved word (using date is a common mistake) or if there's a space in the column (both bad ideas). Commented Aug 10, 2014 at 1:31
  • 1
    Oh yeah, and FROM 'users'. You're mistaking backticks for single-quotes; these are not the same in a query. If you were displaying the error on the query, you would have probably seen an error on this one. Commented Aug 10, 2014 at 1:33
  • This question could have been avoided if you just checked for errors. Commented Aug 10, 2014 at 2:02

1 Answer 1

Reset to default
2

Just as @Jared has said in the comments you're using ' single quotes on your table and column names. You can convert them it into backticks or just remove them.

Backticks are required if your column, table, and database names are included in the reserved names of MySQL.

Since you're using mysqli_*. I suggest you use prepared statements and use num_rows instead. Example:

// use prepared statements
$stmt = $connection->prepare('SELECT * FROM `users` WHERE `Email` = ?');
//                                           ^ backticks   ^
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0){
    // found
} else {
    die("The account for <i>$email</i> doesn't not exist!");  
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

+1 to catch the error, but backticks are not really needed since users and Email are not reserved keywords. Avoid using backticks where it is not needed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.